httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jerenkra...@apache.org
Subject cvs commit: httpd-2.0/server core.c protocol.c
Date Mon, 08 Mar 2004 22:54:20 GMT
jerenkrantz    2004/03/08 14:54:20

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES
               server   Tag: APACHE_2_0_BRANCH core.c protocol.c
  Log:
  Remove compile-time length limit on request strings. Length is
  now enforced solely with the LimitRequestLine config directive.
  
  Submitted by:	Paul J. Reder
  Reviewed by:	rederpj, jerenkrantz, trawick
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.250 +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.249
  retrieving revision 1.988.2.250
  diff -u -u -r1.988.2.249 -r1.988.2.250
  --- CHANGES	8 Mar 2004 17:40:33 -0000	1.988.2.249
  +++ CHANGES	8 Mar 2004 22:54:19 -0000	1.988.2.250
  @@ -1,5 +1,9 @@
   Changes with Apache 2.0.49
   
  +  *) Remove compile-time length limit on request strings. Length is
  +     now enforced solely with the LimitRequestLine config directive.
  +     [Paul J. Reder]
  +
     *) mod_ssl: Send the Close Alert message to the peer before closing
        the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]
   
  
  
  
  No                   revision
  No                   revision
  1.225.2.17 +0 -6      httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.225.2.16
  retrieving revision 1.225.2.17
  diff -u -u -r1.225.2.16 -r1.225.2.17
  --- core.c	8 Mar 2004 17:40:37 -0000	1.225.2.16
  +++ core.c	8 Mar 2004 22:54:20 -0000	1.225.2.17
  @@ -2446,12 +2446,6 @@
                              "\" must be a non-negative integer", NULL);
       }
   
  -    if (lim > DEFAULT_LIMIT_REQUEST_LINE) {
  -        return apr_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" "
  -                            "must not exceed the precompiled maximum of %d",
  -                            arg, DEFAULT_LIMIT_REQUEST_LINE);
  -    }
  -
       cmd->server->limit_req_line = lim;
       return NULL;
   }
  
  
  
  1.121.2.16 +13 -14    httpd-2.0/server/protocol.c
  
  Index: protocol.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/protocol.c,v
  retrieving revision 1.121.2.15
  retrieving revision 1.121.2.16
  diff -u -u -r1.121.2.15 -r1.121.2.16
  --- protocol.c	9 Feb 2004 20:59:46 -0000	1.121.2.15
  +++ protocol.c	8 Mar 2004 22:54:20 -0000	1.121.2.16
  @@ -578,11 +578,22 @@
            * if there are empty lines
            */
           r->the_request = NULL;
  -        rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
  +        rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line
+ 2),
                            &len, r, 0, bb);
   
           if (rv != APR_SUCCESS) {
               r->request_time = apr_time_now();
  +
  +            /* ap_rgetline returns APR_ENOSPC if it fills up the
  +             * buffer before finding the end-of-line.  This is only going to
  +             * happen if it exceeds the configured limit for a request-line.
  +             */
  +            if (rv == APR_ENOSPC) {
  +                r->status    = HTTP_REQUEST_URI_TOO_LARGE;
  +                r->proto_num = HTTP_VERSION(1,0);
  +                r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
  +            }
  +
               return 0;
           }
       } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
  @@ -612,18 +623,6 @@
   
       ap_parse_uri(r, uri);
   
  -    /* ap_getline returns (size of max buffer - 1) if it fills up the
  -     * buffer before finding the end-of-line.  This is only going to
  -     * happen if it exceeds the configured limit for a request-line.
  -     * The cast is safe, limit_req_line cannot be negative
  -     */
  -    if (len > (apr_size_t)r->server->limit_req_line) {
  -        r->status    = HTTP_REQUEST_URI_TOO_LARGE;
  -        r->proto_num = HTTP_VERSION(1,0);
  -        r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
  -        return 0;
  -    }
  -
       if (ll[0]) {
           r->assbackwards = 0;
           pro = ll;
  @@ -859,7 +858,7 @@
       if (!read_request_line(r, tmp_bb)) {
           if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
               ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -                          "request failed: URI too long");
  +                          "request failed: URI too long (longer than %d)", r->server->limit_req_line);
               ap_send_error_response(r, 0);
               ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
               ap_run_log_transaction(r);
  
  
  

Mime
View raw message