httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 39243] - Can't post files larger than 128k onto ssl client cert secured site
Date Fri, 14 Jul 2006 14:18:06 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39243>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39243





------- Additional Comments From p.c.c.wagemans@kpn.com  2006-07-14 14:18 -------

> what is your input on changing the limit to 256K?  Would that be
> sufficient or not?

No. We're looking at megabyte SOAP POSTs.

> Overloading LimitRequestBody for such a purpose is not acceptable,
> no - the default is unlimited.

With that overload idea, the default value of zero (unlimited) would
be translated to the hard-coded value to protect against DOS attempts.
Defining a positive size for LimitRequestBody would allow that size to
be buffered for POSTs in mod_ssl (because it seems sensible to keep
functioning up to the specified limit). I had something along these
lines in mind:

--- httpd-2.0.46/modules/ssl/ssl_engine_io.c.old ...
+++ httpd-2.0.46/modules/ssl/ssl_engine_io.c.new ...
@@ -1395,8 +1395,17 @@
     struct modssl_buffer_ctx *ctx;
     apr_bucket_brigade *tempb;
     apr_off_t total = 0; /* total length buffered */
+    apr_off_t max_ssl_buffered = 0; /* Maximum allowed memory buffering of ssl
data. */
     int eos = 0; /* non-zero once EOS is seen */
     
+    max_ssl_buffered = ap_get_limit_req_body( r );
+
+    if (max_ssl_buffered == 0) { 
+      /* If undefined/unlimited, use default limit to defend against
+       * DOS attempts. */
+      max_ssl_buffered = SSL_MAX_IO_BUFFER;
+    }
+
     /* Create the context which will be passed to the input filter. */
     ctx = apr_palloc(r->pool, sizeof *ctx);
     ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc);
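Review bot: A positive LimitRequestBody becomes the in-memory buffer cap with no upper bound at `max_ssl_buffered = ap_get_limit_req_body( r );`, so the DoS protection named in the comment only holds when the directive is unset. A site that sets LimitRequestBody to many megabytes for ordinary uploads would now allow that much memory to be held per request while the body is buffered. Consider a dedicated directive for the buffer size, or clamp the value to a documented ceiling, and document the new coupling. Smaller points: the `= 0` initializer is redundant since the variable is assigned unconditionally a few lines later, the declaration comment is wrapped onto an unprefixed `data. */` line, which will stop the patch from applying, and the `( r )` spacing and two-space indent inside the `if` do not match the surrounding code.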
@@ -1460,7 +1469,7 @@
                       total, eos);
 
         /* Fail if this exceeds the maximum buffer size. */
-        if (total > SSL_MAX_IO_BUFFER) {
+        if (total > max_ssl_buffered) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                           "request body exceeds maximum size for SSL buffer");
             return HTTP_REQUEST_ENTITY_TOO_LARGE;
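Review bot: The error logged after `if (total > max_ssl_buffered)` still reads "request body exceeds maximum size for SSL buffer" without saying what that maximum is, and the limit is now variable. Include the effective value of `max_ssl_buffered` in the `ap_log_rerror` message (formatted with APR_OFF_T_FMT) so an administrator seeing the 413 can tell whether the built-in SSL_MAX_IO_BUFFER default or their LimitRequestBody setting was applied.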


