httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: worth fixing "read headers forever" issue?
Date Thu, 01 Jan 1998 22:34:26 GMT
On Thu, 1 Jan 1998, Ben Laurie wrote:

> Marc Slemko wrote:
> > 
> > below is a sample of a patch that I would suggest to do this;
> > parts marked XXX are incomplete but easy to see what they would do.
> > 
> > This limits read headers to ~512k.
> > 
> > I think this is worthwhile.  Does anyone agree?
> > 
> > Index: http_protocol.c
> > ===================================================================
> > RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
> > retrieving revision 1.172
> > diff -u -r1.172 http_protocol.c
> > --- http_protocol.c     1997/12/26 18:26:59     1.172
> > +++ http_protocol.c     1998/01/01 22:23:40
> > @@ -742,7 +742,7 @@
> >  void get_mime_headers(request_rec *r)
> >  {
> >      conn_rec *c = r->connection;
> > -    int len;
> > +    int len, total = 0;
> >      char *value;
> >      char field[MAX_STRING_LEN];
> > 
> > @@ -753,6 +753,11 @@
> >       */
> >      while ((len = getline(field, MAX_STRING_LEN, c->client, 1)) > 0) {
> > 
> > +       if (total > 1024*512) { /* XXXX make a define from httpd.h */
> > +          /* XXXX log error */
> > +          /* should puke, too bad we can't */
> > +          return;
> 
> Presumably it wouldn't be too hard to return true/false, and puke at a
> higher level? Also, you should eat the excess (or drop the connection).

That would just mean changing the function to actually return something; 
it isn't in the typical situation where you can just return a status code. 
Just closing the connection from within the subroutine would be crude I
think. 

If I did that, I would completely abort it.  Yes, it should eat the excess
if it doesn't.


Mime
View raw message