httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: worth fixing "read headers forever" issue?
Date Thu, 01 Jan 1998 22:49:32 GMT
I don't think I'd want this in the code unless it is able to return an
error to the client and bail the rest of the request.  Hey Roy, rfc2068 is
lacking a "request headers too large" response.  There's 413 and 414 but
neither applies to this specific case.  Although I suppose this is really
a server error, so a 500 is fine. 

get_mime_headers isn't part of the API so you should be able to change its
return value easily.  Make it static while yer at it ;)

You don't have to eat excess or anything special, you just need to have
die(500, r) be called and let it bail all the way into lingering_close I
think. 

Dean

On Thu, 1 Jan 1998, Marc Slemko wrote:

> On Thu, 1 Jan 1998, Ben Laurie wrote:
> 
> > Marc Slemko wrote:
> > > 
> > > below is a sample of a patch that I would suggest to do this;
> > > parts marked XXX are incomplete but easy to see what they would do.
> > > 
> > > This limits read headers to ~512k.
> > > 
> > > I think this is worthwhile.  Does anyone agree?
> > > 
> > > Index: http_protocol.c
> > > ===================================================================
> > > RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
> > > retrieving revision 1.172
> > > diff -u -r1.172 http_protocol.c
> > > --- http_protocol.c     1997/12/26 18:26:59     1.172
> > > +++ http_protocol.c     1998/01/01 22:23:40
> > > @@ -742,7 +742,7 @@
> > >  void get_mime_headers(request_rec *r)
> > >  {
> > >      conn_rec *c = r->connection;
> > > -    int len;
> > > +    int len, total = 0;
> > >      char *value;
> > >      char field[MAX_STRING_LEN];
> > > 
> > > @@ -753,6 +753,11 @@
> > >       */
> > >      while ((len = getline(field, MAX_STRING_LEN, c->client, 1)) > 0)
{
> > > 
> > > +       if (total > 1024*512) { /* XXXX make a define from httpd.h */
> > > +          /* XXXX log error */
> > > +          /* should puke, too bad we can't */
> > > +          return;
> > 
> > Presumably it wouldn't be too hard to return true/false, and puke at a
> > higher level? Also, you should eat the excess (or drop the connection).
> 
> That would just mean changing the function to actually return something; 
> it isn't in the typical situation where you can just return a status code. 
> Just closing the connection from within the subroutine would be crude I
> think. 
> 
> If I did that, I would completely abort it.  Yes, it should eat the excess
> if it doesn't.
> 
> 


Mime
View raw message