httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: worth fixing "read headers forever" issue?
Date Thu, 01 Jan 1998 22:30:10 GMT
Marc Slemko wrote:
> 
> below is a sample of a patch that I would suggest to do this;
> parts marked XXX are incomplete but easy to see what they would do.
> 
> This limits read headers to ~512k.
> 
> I think this is worthwhile.  Does anyone agree?
> 
> Index: http_protocol.c
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
> retrieving revision 1.172
> diff -u -r1.172 http_protocol.c
> --- http_protocol.c     1997/12/26 18:26:59     1.172
> +++ http_protocol.c     1998/01/01 22:23:40
> @@ -742,7 +742,7 @@
>  void get_mime_headers(request_rec *r)
>  {
>      conn_rec *c = r->connection;
> -    int len;
> +    int len, total = 0;
>      char *value;
>      char field[MAX_STRING_LEN];
> 
> @@ -753,6 +753,11 @@
>       */
>      while ((len = getline(field, MAX_STRING_LEN, c->client, 1)) > 0) {
> 
> +       if (total > 1024*512) { /* XXXX make a define from httpd.h */
> +          /* XXXX log error */
> +          /* should puke, too bad we can't */
> +          return;

Presumably it wouldn't be too hard to return true/false, and puke at a
higher level? Also, you should eat the excess (or drop the connection).

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache

Mime
View raw message