httpd-dev mailing list archives

From Ed Korthof ...@organic.com>
Subject Re: [PATCH] log long headers
Date Thu, 27 Feb 1997 21:54:45 GMT
On Wed, 26 Feb 1997, Marc Slemko wrote:

> Right now when we get a header that is too long we just exit.  We should
> return a 414, but that's not overly nice given the current structure.

If this is considered a bug, I've written code which would fix it. 
However, it does seem like a feature... 

<shrug>  The code I use is included below.  Line numbers are probably screwy.

Actually, looking at it now, isn't there a memory leak at
    if (len == (HUGE_STRING_LEN - 1))
        return 0;               /* Should be a 414 error status instead */
since with the zero return from read_request_line, we get
    if (!read_request_line (r)) return NULL;
in read_request, which means the child forgets about this request?

The pool system should mostly compensate for that problem, but if
MaxRequestsPerChild is set high an attacker or a broken client could bloat
children using this (or so it seems to me).

     -- Ed Korthof        |  Web Server Engineer --
     -- ed@organic.com    |  Organic Online, Inc --
     -- (415) 278-5676    |  Fax: (415) 284-6891 --
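
The over-long request line case discussed in this message, as an added example that is not part of the original post or of Apache's code: a bounded line reader that reports a filled buffer as a distinct 414 status instead of the same zero it returns for a closed connection, so the caller can log and answer it. `LINE_CAP`, `struct src`, `read_line_status` and `status_for` are hypothetical names, and the in-memory input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define LINE_CAP 32              /* assumed small stand-in for HUGE_STRING_LEN */
#define STATUS_NONE 0            /* input ended before a complete line arrived */
#define STATUS_OK 200
#define STATUS_URI_TOO_LONG 414

/* Constructed in-memory "socket" so the example runs offline. */
struct src { const char *data; size_t len, pos; };

/* Copy one line into buf (at most cap-1 bytes, NUL-terminated, CRLF/LF
 * stripped) and report why reading stopped as an HTTP-style status. */
int read_line_status(struct src *in, char *buf, size_t cap)
{
    size_t n = 0;
    int saw_newline = 0;

    while (n < cap - 1 && in->pos < in->len) {
        char c = in->data[in->pos++];
        if (c == '\n') { saw_newline = 1; break; }
        buf[n++] = c;
    }
    if (saw_newline && n > 0 && buf[n - 1] == '\r')
        n--;
    buf[n] = '\0';
    if (saw_newline) return STATUS_OK;
    if (n == cap - 1) return STATUS_URI_TOO_LONG; /* buffer full, line still running */
    return STATUS_NONE;                           /* EOF: nobody left to answer */
}

/* Convenience wrapper: run the reader over a C string. */
int status_for(const char *request, char *buf, size_t cap)
{
    struct src in = { request, strlen(request), 0 };
    return read_line_status(&in, buf, cap);
}

int main(void)
{
    char buf[LINE_CAP];
    const char *long_req = "GET /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.0\r\n";
    printf("%d\n", status_for("GET / HTTP/1.0\r\n", buf, LINE_CAP));
    printf("%d\n", status_for(long_req, buf, LINE_CAP));
    return 0;
}
```
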

*** http_protocol.c.orig	Wed Feb 19 18:00:13 1997
--- http_protocol.c	Thu Feb 20 13:50:37 1997
***************
*** 694,701 ****
--- 704,729 ----
    }
  }
  
+ /* Not good encapsulation, but we need die() in case we decide
+  * to terminate a connection, which can legitamitely happen here.
+  */
+ 
+ extern void die(int, request_rec *);
+ void early_death_for_connection (conn_rec *conn, int status, request_rec * r)
+ {
+     if (!r) { /* this should never happen--but we're 'finished' if it does */
+         return;
+     }
+     r->header_only=0;
+     log_transaction(r);
+     die (status, r);
+     rflush(r);
+ 
+     destroy_pool(r->pool);
+ }
+ 
  request_rec *read_request (conn_rec *conn)
  {
      request_rec *r = (request_rec *)pcalloc (conn->pool, sizeof(request_rec));
  
      r->connection = conn;
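
Review bot: In early_death_for_connection, destroy_pool(r->pool) frees the request's pool but the function returns void, so nothing tells the caller that r is now dead; the context line also shows r itself is pcalloc'd from conn->pool, so if r->pool is that same pool this call tears down conn while the connection is still being handled. Suggest returning a status (or having read_request return NULL right after the call) and destroying only a pool known to be per-request. Smaller points: the conn parameter is never used in the body; the hunk adds no call site, so the `return 0` path for an over-long line is unchanged in the visible lines; `extern void die(int, request_rec *);` belongs in a header rather than in http_protocol.c, as the comment itself concedes; and the comment misspells "legitimately".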

