You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/02/18 23:36:57 UTC

[Bug 54578] New: Bad docs or unchecked code for "LimitRequestFields"?

https://issues.apache.org/bugzilla/show_bug.cgi?id=54578

            Bug ID: 54578
           Summary: Bad docs or unchecked code for "LimitRequestFields"?
           Product: Apache httpd-2
           Version: 2.4.3
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: tixu@cs.ucsd.edu
    Classification: Unclassified

Hi, 

>From the online docs
(http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfields), the
"LimitRequestFields" directive is specified to be "an integer from 0 (meaning
unlimited) to 32767."

However, in the source code, there's no place tells that where 32767 comes
from.
Also, if I configure it to be 100000, the server starts without any warning. 

I wonder whether it's a bug of documentation, or setting the number to be
larger than 32767 would cause further problems? In the latter case, we'd better
check the value in the parsing function.

Thanks,
Tianyin

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 54578] Bad docs or unchecked code for "LimitRequestFields"?

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=54578

Takashi Sato <ta...@tks.st> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |takashi.asfbugzilla@tks.st

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 54578] Bad docs or unchecked code for "LimitRequestFields"?

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=54578

--- Comment #1 from Tianyin Xu <ti...@cs.ucsd.edu> ---
The same thing for "LimitRequestBody", the docs say

"the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB)"
http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody

I set the number to be 2147483648 and my httpd server starts without any
problem. And I also didn't find any place in the source code that shows the
upper limit.

T

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 54578] Bad docs or unchecked code for "LimitRequestFields"?

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=54578

Tianyin Xu <ti...@cs.ucsd.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tixu@cs.ucsd.edu

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 54578] Bad docs or unchecked code for "LimitRequestFields"?

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=54578

--- Comment #2 from Yann Ylavic <yl...@gmail.com> ---
The checked limits really depends on the system (eg. 32/64/other-bit) and its
integer types.

LimitRequestFields is an int (16-bit some time ago), whereas LimitRequestBody
is an off_t (32-bit likewise), hence the limits specified in the
(outdated-)doc.

For LimitRequestFields the code could probably enforce a reasonable hard limit
below the one of today's 32-or-more-bit archs (and 32767 seems quite
appropriate).

For LimitRequestBody however the documented limit may not be enough, although
the code really use an off_t (which is often 64-or-more-bit now, even on
LARGEFILE 32-bit archs), so maybe the doc could mention a "[file]system limit"
(instead of an hard one).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org