You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2016/08/10 13:39:35 UTC

svn commit: r1755744 - /httpd/httpd/trunk/server/protocol.c

Author: wrowe
Date: Wed Aug 10 13:39:35 2016
New Revision: 1755744

URL: http://svn.apache.org/viewvc?rev=1755744&view=rev
Log:
Follow on to r1755264, for the case of merged header length exceptions,
and ensure the field header name is truncated to a sane log width.

  Stop reflecting irrelevant data to the request error notes, particularly
  for abusive and malformed traffic the non-technical consumer of a user-agent
  has no control over.

  Simply take note where the administrator-configured limits have been exceeded,
  that administrator can find details in the error log if desired.


Modified:
    httpd/httpd/trunk/server/protocol.c

Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1755744&r1=1755743&r2=1755744&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Wed Aug 10 13:39:35 2016
@@ -743,6 +743,16 @@ static int read_request_line(request_rec
     return 1;
 }
 
+/* get the length of the field name for logging, but no more than 80 bytes */
+#define LOG_NAME_MAX_LEN 80
+static int field_name_len(const char *field)
+{
+    const char *end = ap_strchr_c(field, ':');
+    if (end == NULL || end - field > LOG_NAME_MAX_LEN)
+        return LOG_NAME_MAX_LEN;
+    return end - field;
+}
+
 static int table_do_fn_check_lengths(void *r_, const char *key,
                                      const char *value)
 {
@@ -752,26 +762,13 @@ static int table_do_fn_check_lengths(voi
 
     r->status = HTTP_BAD_REQUEST;
     apr_table_setn(r->notes, "error-notes",
-                   apr_pstrcat(r->pool, "Size of a request header field "
-                               "after merging exceeds server limit.<br />"
-                               "\n<pre>\n",
-                               ap_escape_html(r->pool, key),
-                               "</pre>\n", NULL));
-    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00560) "Request header "
-                  "exceeds LimitRequestFieldSize after merging: %s", key);
+                   "Size of a request header field exceeds server limit.");
+    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00560) "Request "
+                  "header exceeds LimitRequestFieldSize after merging: %.*s",
+                  field_name_len(key), key);
     return 0;
 }
 
-/* get the length of the field name for logging, but no more than 80 bytes */
-#define LOG_NAME_MAX_LEN 80
-static int field_name_len(const char *field)
-{
-    const char *end = ap_strchr_c(field, ':');
-    if (end == NULL || end - field > LOG_NAME_MAX_LEN)
-        return LOG_NAME_MAX_LEN;
-    return end - field;
-}
-
 AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb)
 {
     char *last_field = NULL;