httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: worth fixing "read headers forever" issue?
Date Thu, 01 Jan 1998 22:26:30 GMT
below is a sample of a patch that I would suggest to do this;
parts marked XXX are incomplete but easy to see what they would do.

This limits read headers to ~512k.

I think this is worthwhile.  Does anyone agree?

Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
retrieving revision 1.172
diff -u -r1.172 http_protocol.c
--- http_protocol.c     1997/12/26 18:26:59     1.172
+++ http_protocol.c     1998/01/01 22:23:40
@@ -742,7 +742,7 @@
 void get_mime_headers(request_rec *r)
 {
     conn_rec *c = r->connection;
-    int len;
+    int len, total = 0;
     char *value;
     char field[MAX_STRING_LEN];
 
@@ -753,6 +753,11 @@
      */
     while ((len = getline(field, MAX_STRING_LEN, c->client, 1)) > 0) {
 
+       if (total > 1024*512) { /* XXXX make a define from httpd.h */
+          /* XXXX log error */
+          /* should puke, too bad we can't */
+          return;
+       }
         if (!(value = strchr(field, ':')))      /* Find the colon separator */
             continue;           /* or should puke 400 here */
 
@@ -762,6 +767,7 @@
             ++value;            /* Skip to start of value   */
 
         table_merge(r->headers_in, field, value);
+       total += len;
     }
 }
 



Mime
View raw message