[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 06/06: parse_connection_headers(): report if client payl
From: |
gnunet |
Subject: |
[libmicrohttpd] 06/06: parse_connection_headers(): report if client payload is too large. |
Date: |
Wed, 24 Nov 2021 19:57:15 +0100 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 385b4df1b9e8b5dc625debd38dc5c7e3538b89e0
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Wed Nov 24 17:07:42 2021 +0300
parse_connection_headers(): report if client payload is too large.
Request payload with sizes larger than 16 EiB (exabytes) are technically
valid, but cannot be processed by MHD. Now they are rejected
with 413 HTTP code.
---
src/microhttpd/connection.c | 40 +++++++++++++++++++++++++++++++++-------
1 file changed, 33 insertions(+), 7 deletions(-)
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 93b484e9..a009cddf 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -124,6 +124,17 @@
#define REQUEST_CHUNK_TOO_LARGE ""
#endif
+/**
+ * Response text used when the request HTTP content is too large.
+ */
+#ifdef HAVE_MESSAGES
+#define REQUEST_CONTENTLENGTH_TOOLARGE \
+ "<html><head><title>Request content too large</title></head>" \
+ "<body>Your HTTP request has too large value for <b>Content-Length</b>
header.</body></html>"
+#else
+#define REQUEST_CONTENTLENGTH_TOOLARGE ""
+#endif
+
/**
* Response text used when the request HTTP chunked encoding is
* malformed.
@@ -3600,15 +3611,30 @@ parse_connection_headers (struct MHD_Connection
*connection)
(0 == num_digits) )
{
connection->remaining_upload_size = 0;
+ if ((0 == num_digits) &&
+ (0 != val_len) &&
+ ('0' <= clen[0]) && ('9' >= clen[0]))
+ {
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- _ (
- "Failed to parse `Content-Length' header. Closing
connection.\n"));
+ MHD_DLOG (connection->daemon,
+ _ ("Too large value of 'Content-Length' header. " \
+ "Closing connection.\n"));
#endif
- transmit_error_response_static (connection,
- MHD_HTTP_BAD_REQUEST,
- REQUEST_CONTENTLENGTH_MALFORMED);
- return;
+ transmit_error_response_static (connection,
+ MHD_HTTP_CONTENT_TOO_LARGE,
+ REQUEST_CONTENTLENGTH_TOOLARGE);
+ }
+ else
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (connection->daemon,
+ _ ("Failed to parse `Content-Length' header. " \
+ "Closing connection.\n"));
+#endif
+ transmit_error_response_static (connection,
+ MHD_HTTP_BAD_REQUEST,
+ REQUEST_CONTENTLENGTH_MALFORMED);
+ }
}
}
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (ad9fc5c6 -> 385b4df1), gnunet, 2021/11/24
- [libmicrohttpd] 04/06: parse_connection_headers(): simplified 'Content-Length' processing, gnunet, 2021/11/24
- [libmicrohttpd] 02/06: process_request_body(): fixed: do allow sizes with more than 16 digits, gnunet, 2021/11/24
- [libmicrohttpd] 01/06: process_request_body(): fixed one byte buffer overrun, gnunet, 2021/11/24
- [libmicrohttpd] 03/06: process_request_body(): rewritten chunk size detection; fixes, gnunet, 2021/11/24
- [libmicrohttpd] 05/06: Fixed builds without messages, gnunet, 2021/11/24
- [libmicrohttpd] 06/06: parse_connection_headers(): report if client payload is too large.,
gnunet <=