Posted to dev@httpd.apache.org by "Paul J. Reder" <re...@remulak.net> on 2004/02/24 18:58:00 UTC

[Patch]: Proposed patch to remove compile-time RequestLine length limit.

The patch below is against current 2.1-dev head. It allows the user to
specify a LimitRequestLine value at config time and removes the compile-time
limits.

I'll commit this in a day or two if there are no comments to the contrary.
I just wanted to make sure I hadn't missed anything.

Thanks,

-- 
Paul J. Reder
-----------------------------------------------------------
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it.  Only if every single citizen feels duty bound to do
his share in this defense are the constitutional rights secure."
-- Albert Einstein




Index: httpd-2.0/server/core.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.261
diff -u -r1.261 core.c
--- httpd-2.0/server/core.c     19 Feb 2004 11:19:43 -0000      1.261
+++ httpd-2.0/server/core.c     24 Feb 2004 17:36:35 -0000
@@ -2437,12 +2437,6 @@
                             "\" must be a non-negative integer", NULL);
      }

-    if (lim > DEFAULT_LIMIT_REQUEST_LINE) {
-        return apr_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" "
-                            "must not exceed the precompiled maximum of %d",
-                            arg, DEFAULT_LIMIT_REQUEST_LINE);
-    }
-
      cmd->server->limit_req_line = lim;
      return NULL;
  }
Index: httpd-2.0/server/protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/protocol.c,v
retrieving revision 1.145
diff -u -r1.145 protocol.c
--- httpd-2.0/server/protocol.c 9 Feb 2004 20:40:49 -0000       1.145
+++ httpd-2.0/server/protocol.c 24 Feb 2004 17:36:36 -0000
@@ -577,11 +577,22 @@
           * if there are empty lines
           */
          r->the_request = NULL;
-        rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
+        rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2),
                           &len, r, 0, bb);

          if (rv != APR_SUCCESS) {
              r->request_time = apr_time_now();
+
+            /* ap_rgetline returns APR_ENOSPC if it fills up the
+             * buffer before finding the end-of-line.  This is only going to
+             * happen if it exceeds the configured limit for a request-line.
+             */
+            if (rv == APR_ENOSPC) {
+                r->status    = HTTP_REQUEST_URI_TOO_LARGE;
+                r->proto_num = HTTP_VERSION(1,0);
+                r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+            }
+
              return 0;
          }
      } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
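Review bot: The `+ 2` in the new ap_rgetline call is evaluated before the cast, so the addition happens in the type of limit_req_line. If that field is a signed int (the `%d` used for it in the logging hunk suggests so), a configured value at or near INT_MAX overflows, which is undefined behaviour and would typically produce a very large apr_size_t. The core.c hunk in this patch removes the only upper bound on LimitRequestLine, so such a value is now accepted at config time. Casting first avoids the overflow: `(apr_size_t)r->server->limit_req_line + 2`. Since this number now also bounds how much memory a single request line can consume, a sanity ceiling in the directive handler would be worth keeping. The enclosing function starts and ends outside the hunk.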
@@ -611,18 +622,6 @@

      ap_parse_uri(r, uri);

-    /* ap_getline returns (size of max buffer - 1) if it fills up the
-     * buffer before finding the end-of-line.  This is only going to
-     * happen if it exceeds the configured limit for a request-line.
-     * The cast is safe, limit_req_line cannot be negative
-     */
-    if (len > (apr_size_t)r->server->limit_req_line) {
-        r->status    = HTTP_REQUEST_URI_TOO_LARGE;
-        r->proto_num = HTTP_VERSION(1,0);
-        r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
-        return 0;
-    }
-
      if (ll[0]) {
          r->assbackwards = 0;
          pro = ll;
@@ -856,7 +855,7 @@
      if (!read_request_line(r, tmp_bb)) {
          if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
              ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "request failed: URI too long");
+                          "request failed: URI too long (longer than %d)", r->server->limit_req_line);
              ap_send_error_response(r, 0);
              ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
              ap_run_log_transaction(r);
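Review bot: The new log text presents the LimitRequestLine value as a URI length, but the limit applied in read_request_line covers the whole request line (method, URI and protocol), so an operator comparing the logged number with the URI alone will be misled. Wording such as `"request failed: URI too long (request line longer than %d)"` keeps the existing prefix for anyone matching on it while naming what was actually measured. The added line also runs well past 80 columns and could be wrapped after the format string. The enclosing function extends beyond the hunk.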