On Wed, 26 Feb 1997, Marc Slemko wrote:
> Right now when we get a header that is too long we just exit. We should
> return a 414, but that's not overly nice given the current structure.
If this is considered a bug, I've written code which would fix it.
However, it does seem like a feature...
<shrug> The code I use is included below. Line numbers are probably screwy.
Actually, looking at it now, isn't there a memory leak at

    if (len == (HUGE_STRING_LEN - 1))
        return 0; /* Should be a 414 error status instead */

since with the zero return from read_request_line, we get

    if (!read_request_line (r)) return NULL;

in read_request, which means the child forgets about this request?
The pool system should mostly compensate for that problem, but if
MaxRequestsPerChild is set high, an attacker or a broken client could bloat
children using this (or so it seems to me).
-- Ed Korthof | Web Server Engineer --
-- ed@organic.com | Organic Online, Inc --
-- (415) 278-5676 | Fax: (415) 284-6891 --
*** http_protocol.c.orig Wed Feb 19 18:00:13 1997
--- http_protocol.c Thu Feb 20 13:50:37 1997
***************
*** 694,701 ****
--- 704,729 ----
}
}
+ /* Not good encapsulation, but we need die() in case we decide
+ * to terminate a connection, which can legitamitely happen here.
+ */
+
+ extern void die(int, request_rec *);
+ void early_death_for_connection (conn_rec *conn, int status, request_rec * r)
+ {
+ if (!r) { /* this should never happen--but we're 'finished' if it does */
+ return;
+ }
+ r->header_only=0;
+ log_transaction(r);
+ die (status, r);
+ rflush(r);
+
+ destroy_pool(r->pool);
+ }
+
request_rec *read_request (conn_rec *conn)
{
request_rec *r = (request_rec *)pcalloc (conn->pool, sizeof(request_rec));
r->connection = conn;
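
Review bot: In early_death_for_connection(), log_transaction(r) runs before die(status, r), and status is handed only to die(), so the logged entry cannot reflect the status being returned unless r->status was already set by the caller. Either set the status on r before logging or move log_transaction(r) after die() and rflush(r). The conn parameter is never used in the body and could be dropped or replaced by r->connection. This hunk also shows no call site, so the `return 0` path in read_request_line that the message discusses is not visibly changed here. Finally, the context line shows the request_rec itself is allocated with pcalloc(conn->pool, ...), so destroy_pool(r->pool) does not release r; a comment saying the caller must not touch r->pool afterwards, and that r lives until the connection pool goes away, would help.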