Posted to apreq-cvs@httpd.apache.org by jo...@apache.org on 2003/06/27 15:50:38 UTC
cvs commit: httpd-apreq-2/src apreq_params.c apreq_parsers.c apreq_parsers.h
joes 2003/06/27 06:50:38
Modified: src apreq_params.c apreq_parsers.c apreq_parsers.h
Log:
Added default config & sanity checks
Revision Changes Path
1.24 +12 -2 httpd-apreq-2/src/apreq_params.c
Index: apreq_params.c
===================================================================
RCS file: /home/cvs/httpd-apreq-2/src/apreq_params.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- apreq_params.c 27 Jun 2003 11:41:06 -0000 1.23
+++ apreq_params.c 27 Jun 2003 13:50:37 -0000 1.24
@@ -64,6 +64,13 @@
#define p2v(param) ( (param) ? &(param)->v : NULL )
#define UPGRADE(s) apreq_value_to_param(apreq_char_to_value(s))
+static const apreq_cfg_t default_cfg = {
+ 1024 * 1024,
+ 8192 * 2,
+ 200,
+ 8192 * 8
+};
+
APREQ_DECLARE(apreq_param_t *) apreq_make_param(apr_pool_t *p,
const char *name,
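Review bot: The initializer for `default_cfg` is positional, so each limit lands in whichever member of `apreq_cfg_t` sits at that position, and this same commit reorders that struct in apreq_parsers.h. With the new order the values read as max_len = 1024 * 1024, max_brigade_len = 8192 * 2, max_fields = 200 and read_bytes = 8192 * 8, with disable_uploads and temp_dir implicitly zero. These are the request-size limits, so I would label each value, e.g. `1024 * 1024, /* max_len */` and `200, /* max_fields */`. A later reorder then cannot silently swap a byte limit with a field count.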
@@ -124,11 +131,12 @@
req = apr_palloc(p, sizeof *req);
req->env = env;
req->args = apr_table_make(p, APREQ_NELTS);
- req->cfg = NULL;
+ req->cfg = apr_palloc(p, sizeof(apreq_cfg_t));
req->body = NULL;
req->parser = apreq_parser(env, NULL);
req->pool = p;
+ *req->cfg = default_cfg;
/* XXX need to install copy/merge callbacks for apreq_param_t */
/* XXX get/set race condition here wrt apreq_env_request? */
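Review bot: The allocation of `req->cfg` and the copy of the defaults into it are separated by three unrelated assignments, and the same pair is repeated in the next hunk (at -146), so the two sites can drift apart and the block is briefly uninitialized pool memory. `sizeof(apreq_cfg_t)` also departs from the `sizeof *req` form used a few lines above. I would keep the two statements adjacent in both places: `req->cfg = apr_palloc(p, sizeof *req->cfg);` immediately followed by `*req->cfg = default_cfg;`. The enclosing function starts and ends outside the hunk.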
@@ -146,10 +154,12 @@
req = apr_palloc(p, sizeof *req);
req->env = env;
req->args = apr_table_make(p, APREQ_NELTS);
- req->cfg = NULL;
+ req->cfg = apr_palloc(p, sizeof(apreq_cfg_t));
req->body = NULL;
req->parser = apreq_parser(env, NULL);
req->pool = p;
+
+ *req->cfg = default_cfg;
/* XXX need to install copy/merge callbacks for apreq_param_t */
}
1.29 +40 -10 httpd-apreq-2/src/apreq_parsers.c
Index: apreq_parsers.c
===================================================================
RCS file: /home/cvs/httpd-apreq-2/src/apreq_parsers.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- apreq_parsers.c 27 Jun 2003 11:41:06 -0000 1.28
+++ apreq_parsers.c 27 Jun 2003 13:50:38 -0000 1.29
@@ -78,6 +78,28 @@
#define apr_table_pool(t) ((apr_array_header_t *)(t))->pool
#endif
+#define SANITY_CHECK do { \
+ apr_off_t off; \
+ apr_status_t s = apr_brigade_length(bb, 0, &off); \
+ if (s != APR_SUCCESS) \
+ return s; \
+ ctx->bytes_seen += off; \
+ if (ck_sanity(cfg, ctx->bytes_seen, apr_table_elts(t)->nelts)) \
+ return APR_EGENERAL; \
+} while (0)
+
+APR_INLINE
+static apr_status_t ck_sanity(const apreq_cfg_t *cfg,
+ const apr_off_t bytes_seen,
+ const int fields)
+{
+ if (cfg->max_len < bytes_seen || cfg->max_fields < fields)
+ return APR_EGENERAL;
+ else
+ return APR_SUCCESS;
+}
+
+
APREQ_DECLARE(apreq_parser_t *) apreq_make_parser(apr_pool_t *pool,
const char *type,
APREQ_DECLARE_PARSER(*parser),
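Review bot: `SANITY_CHECK` adds `off` to `ctx->bytes_seen` without looking at its sign, but `apr_brigade_length()` called with `read_all` set to 0 reports a length of -1 when the brigade holds a bucket of indeterminate length. In that case the running total drops by one and the data in that brigade is never counted against `cfg->max_len`. I would handle that case before accumulating, e.g. `if (off < 0) return APR_EGENERAL;`, or pass 1 for `read_all` if forcing the read is acceptable here. The macro also depends on `bb`, `ctx`, `cfg` and `t` being in scope and returns from the calling function, which deserves a comment above the `#define`.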
@@ -232,6 +254,7 @@
}
struct url_ctx {
+ apr_off_t bytes_seen;
apr_status_t status;
};
@@ -251,6 +274,8 @@
}
ctx = parser->ctx;
+ SANITY_CHECK;
+
parse_url_brigade:
ctx->status = URL_NAME;
@@ -270,7 +295,6 @@
if ( s != APR_SUCCESS )
return s;
-
parse_url_bucket:
switch (ctx->status) {
@@ -403,6 +427,7 @@
}
struct hdr_ctx {
+ apr_off_t bytes_seen;
apr_status_t status;
};
@@ -425,6 +450,9 @@
ctx = parser->ctx;
+ if (ck_sanity(cfg, cfg->max_len, apr_table_elts(t)->nelts))
+ return APR_EGENERAL;
+
parse_hdr_brigade:
/* parse the brigade for CRLF_CRLF-terminated header block,
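Review bot: Passing `cfg->max_len` as the `bytes_seen` argument makes the length half of `ck_sanity` evaluate `cfg->max_len < cfg->max_len`, which is never true, so this call enforces only `max_fields`. The `bytes_seen` member added to `struct hdr_ctx` in the previous hunk is not updated anywhere in the hunks shown. If the byte limit is meant to be enforced by the caller (presumably the multipart parser), say so with a comment such as `/* length is accounted for by the enclosing parser; only max_fields is checked here */`. Otherwise use `SANITY_CHECK;` as the url parser does. The function body continues outside the hunk.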
@@ -594,6 +622,7 @@
apreq_parser_t *hdr_parser;
const apr_strmatch_pattern *pattern;
char *bdry;
+ apr_off_t bytes_seen;
apr_status_t status;
};
@@ -685,10 +714,10 @@
#define MAX_FILE_BUCKET_LENGTH ( 1 << ( 6 * sizeof(apr_size_t) ) )
-static apr_status_t apreq_bb_concat(apr_pool_t *pool,
- const apreq_cfg_t *cfg,
- apr_bucket_brigade *out,
- apr_bucket_brigade *in)
+static apr_status_t bb_concat(apr_pool_t *pool,
+ const apreq_cfg_t *cfg,
+ apr_bucket_brigade *out,
+ apr_bucket_brigade *in)
{
apr_bucket *last = APR_BRIGADE_LAST(out);
apr_status_t s;
@@ -823,6 +852,8 @@
{
apr_pool_t *pool = apr_table_pool(t);
struct mfd_ctx *ctx = parser->ctx;
+ apr_off_t off;
+ apr_status_t s;
#define MFD_INIT 0
#define MFD_NEXTLINE 1
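Review bot: The function-scope `off` and `s` added here are shadowed by the `off` and `s` that `SANITY_CHECK` declares inside its own `do { } while (0)` block. As far as the visible hunks show, this `off` is therefore never used, and the status the macro tests is a different object from this `s`. I would drop `apr_off_t off;` from this declaration list, or else remove the two declarations from the macro so it uses the caller's variables. Most of the function body lies outside the hunk, so confirm there is no other use of `off` first.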
@@ -834,7 +865,6 @@
if (parser->ctx == NULL) {
char *ct;
apr_size_t blen;
- apr_status_t s;
ctx = apr_pcalloc(pool, sizeof *ctx);
@@ -867,6 +897,7 @@
parser->ctx = ctx;
}
+ SANITY_CHECK;
mfd_parse_brigade:
@@ -874,7 +905,6 @@
case MFD_INIT:
{
- apr_status_t s;
s = split_on_bdry(pool, ctx->bb, bb, NULL, ctx->bdry + 2);
if (s != APR_SUCCESS) {
return s;
@@ -1020,7 +1050,7 @@
if (s != APR_INCOMPLETE && s != APR_SUCCESS)
return s;
}
- return apreq_bb_concat(pool, cfg, param->bb, ctx->bb);
+ return bb_concat(pool, cfg, param->bb, ctx->bb);
case APR_SUCCESS:
if (parser->hook) {
@@ -1033,8 +1063,8 @@
return s;
}
- param->v.status = apreq_bb_concat(pool, cfg,
- param->bb, ctx->bb);
+ param->v.status = bb_concat(pool, cfg,
+ param->bb, ctx->bb);
if (param->v.status != APR_SUCCESS)
return s;
1.17 +4 -3 httpd-apreq-2/src/apreq_parsers.h
Index: apreq_parsers.h
===================================================================
RCS file: /home/cvs/httpd-apreq-2/src/apreq_parsers.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- apreq_parsers.h 27 Jun 2003 11:41:06 -0000 1.16
+++ apreq_parsers.h 27 Jun 2003 13:50:38 -0000 1.17
@@ -25,11 +25,12 @@
/** Request config */
typedef struct apreq_cfg_t {
- char *temp_dir;
- apr_size_t max_brigade_len;
apr_off_t max_len;
- int read_bytes;
+ apr_size_t max_brigade_len; /* in-memory cutoff */
+ int max_fields;
+ int read_bytes; /* prefetch length */
int disable_uploads;
+ char *temp_dir;
} apreq_cfg_t;
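Review bot: `max_len` and `max_fields` are the two limits the new `ck_sanity` enforces, yet they are the members left without a comment. The checks in apreq_parsers.c are `cfg->max_len < bytes_seen` and `cfg->max_fields < fields`, so a request exactly at the limit is accepted. I would record that here, e.g. `apr_off_t max_len; /* max bytes accepted by a parser (inclusive) */` and `int max_fields; /* max parsed fields (inclusive) */`. Reordering the members also changes the struct layout for any code built against revision 1.16 of this header, which is worth a line in the log message.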