You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by re...@apache.org on 2004/03/01 22:40:44 UTC
cvs commit: httpd-2.0/server core.c protocol.c
rederpj 2004/03/01 13:40:44
Modified: . CHANGES
server core.c protocol.c
Log:
*) Remove compile-time length limit on request strings. Length is
now enforced solely with the LimitRequestLine config directive.
[Paul J. Reder]
Revision Changes Path
1.1414 +4 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1413
retrieving revision 1.1414
diff -u -r1.1413 -r1.1414
--- CHANGES 29 Feb 2004 14:54:24 -0000 1.1413
+++ CHANGES 1 Mar 2004 21:40:44 -0000 1.1414
@@ -2,6 +2,10 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) Remove compile-time length limit on request strings. Length is
+ now enforced solely with the LimitRequestLine config directive.
+ [Paul J. Reder]
+
*) mod_ssl: Send the Close Alert message to the peer before closing
the SSL session. [Madhusudan Mathihalli, Joe Orton]
1.264 +0 -6 httpd-2.0/server/core.c
Index: core.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.263
retrieving revision 1.264
diff -u -r1.263 -r1.264
--- core.c 29 Feb 2004 00:25:48 -0000 1.263
+++ core.c 1 Mar 2004 21:40:44 -0000 1.264
@@ -2437,12 +2437,6 @@
"\" must be a non-negative integer", NULL);
}
- if (lim > DEFAULT_LIMIT_REQUEST_LINE) {
- return apr_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" "
- "must not exceed the precompiled maximum of %d",
- arg, DEFAULT_LIMIT_REQUEST_LINE);
- }
-
cmd->server->limit_req_line = lim;
return NULL;
}
1.146 +13 -14 httpd-2.0/server/protocol.c
Index: protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/protocol.c,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -r1.145 -r1.146
--- protocol.c 9 Feb 2004 20:40:49 -0000 1.145
+++ protocol.c 1 Mar 2004 21:40:44 -0000 1.146
@@ -577,11 +577,22 @@
* if there are empty lines
*/
r->the_request = NULL;
- rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
+ rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2),
&len, r, 0, bb);
if (rv != APR_SUCCESS) {
r->request_time = apr_time_now();
+
+ /* ap_rgetline returns APR_ENOSPC if it fills up the
+ * buffer before finding the end-of-line. This is only going to
+ * happen if it exceeds the configured limit for a request-line.
+ */
+ if (rv == APR_ENOSPC) {
+ r->status = HTTP_REQUEST_URI_TOO_LARGE;
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ }
+
return 0;
}
} while ((len <= 0) && (++num_blank_lines < max_blank_lines));
@@ -611,18 +622,6 @@
ap_parse_uri(r, uri);
- /* ap_getline returns (size of max buffer - 1) if it fills up the
- * buffer before finding the end-of-line. This is only going to
- * happen if it exceeds the configured limit for a request-line.
- * The cast is safe, limit_req_line cannot be negative
- */
- if (len > (apr_size_t)r->server->limit_req_line) {
- r->status = HTTP_REQUEST_URI_TOO_LARGE;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- return 0;
- }
-
if (ll[0]) {
r->assbackwards = 0;
pro = ll;
@@ -856,7 +855,7 @@
if (!read_request_line(r, tmp_bb)) {
if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "request failed: URI too long");
+ "request failed: URI too long (longer than %d)", r->server->limit_req_line);
ap_send_error_response(r, 0);
ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);