File 0270-max_content_length2.patch of Package sblim-sfcb
diff -up ./control.c.orig ./control.c
--- ./control.c.orig 2008-12-04 14:48:47.000000000 -0700
+++ ./control.c 2008-12-04 14:45:33.000000000 -0700
@@ -109,7 +109,7 @@ Control init[] = {
{"traceLevel", 1, "0"},
{"traceMask", 1, "0"},
- {"httpMaxContentLength", 1, "0"},
+ {"httpMaxContentLength", 1, "100000000"},
};
void sunsetControl()
@@ -236,6 +236,25 @@ int getControlNum(char *id, long *val)
return rc;
}
+int getControlUNum(char *id, unsigned int *val)
+{
+ Control *ctl;
+ int rc = -1;
+ if ((ctl = ct->ft->get(ct, id))) {
+ if (ctl->type == 1 && isdigit(ctl->strValue[0])) {
+ unsigned long tmp = strtoul(ctl->strValue,NULL,0);
+ if (tmp < UINT_MAX)
+ {
+ *val = tmp;
+ return 0;
+ }
+ }
+ rc = -2;
+ }
+ *val = 0;
+ return rc;
+}
+
int getControlBool(char *id, int *val)
{
Control *ctl;
diff -up ./control.h.orig ./control.h
--- ./control.h.orig 2008-12-04 14:48:52.000000000 -0700
+++ ./control.h 2008-12-04 14:31:20.000000000 -0700
@@ -25,6 +25,7 @@ int setupControl(char *fn);
void sunsetControl();
int getControlChars(char *id, char **val);
int getControlNum(char *id, long *val);
+int getControlUNum(char *id, unsigned int *val);
int getControlBool(char *id, int *val);
#endif
diff -up ./httpAdapter.c.orig ./httpAdapter.c
--- ./httpAdapter.c.orig 2008-12-04 14:48:33.000000000 -0700
+++ ./httpAdapter.c 2008-12-04 14:54:19.000000000 -0700
@@ -120,7 +120,9 @@ typedef int (*Authenticate)(char* princi
typedef struct _buffer {
char *data, *content;
- int length, size, ptr, content_length,trailers;
+ int length, size, ptr;
+ unsigned int content_length;
+ int trailers;
char *httpHdr, *authorization, *content_type, *host, *useragent;
char *principal;
char *protocol;
@@ -372,7 +374,7 @@ static int readData(CommHndl conn_fd, ch
static int getPayload(CommHndl conn_fd, Buffer * b)
{
- int c = b->length - b->ptr;
+ unsigned int c = b->length - b->ptr;
int rc = 0;
b->content = (char *) malloc(b->content_length + 8);
if (c) memcpy(b->content, (b->data) + b->ptr, c);
@@ -692,7 +694,8 @@ static int doHttpRequest(CommHndl conn_f
Buffer inBuf = { NULL, NULL, 0, 0, 0, 0, 0 ,0};
RespSegments response;
static RespSegments nullResponse = { NULL, 0, 0, NULL, { {0, NULL} } };
- int len, hl, rc,uset=0;
+ unsigned long len;
+ int hl, rc,uset=0;
char *hdr, *path;
int discardInput=0;
MsgSegment msgs[2];
@@ -711,7 +714,7 @@ static int doHttpRequest(CommHndl conn_f
inBuf.authorization = "";
inBuf.protocol="HTTP/1.1";
inBuf.content_type = NULL;
- inBuf.content_length = -1;
+ inBuf.content_length = UINT_MAX;
inBuf.host = NULL;
inBuf.useragent = "";
int badReq = 0;
@@ -783,15 +786,29 @@ static int doHttpRequest(CommHndl conn_f
else if (strncasecmp(hdr, "Content-Length:", 15) == 0) {
cp = &hdr[15];
cp += strspn(cp, " \t");
- inBuf.content_length = atol(cp);
- int maxLen;
- getControlNum("httpMaxContentLength", &maxLen);
- if((maxLen) && (inBuf.content_length > maxLen)) {
+ if (cp[0] == '-')
+ {
+ genError(conn_fd, &inBuf, 400, "Negative Content-Length", NULL);
+ _SFCB_TRACE(1, ("--- exiting: content-length too big"));
+ commClose(conn_fd);
+ exit(1);
+ }
+ unsigned long clen = strtoul(cp, NULL, 0);
+ unsigned int maxLen;
+ if (getControlUNum("httpMaxContentLength", &maxLen) != 0)
+ {
+ genError(conn_fd, &inBuf, 501, "Server misconfigured (httpMaxContentLength)", NULL);
+ _SFCB_TRACE(1, ("--- exiting: bad config httpMaxContentLength"));
+ commClose(conn_fd);
+ exit(1);
+ }
+ if((clen >= UINT_MAX) || ((maxLen) && (clen > maxLen))) {
genError(conn_fd, &inBuf, 413, "Request Entity Too Large", NULL);
_SFCB_TRACE(1, ("--- exiting: content-length too big"));
commClose(conn_fd);
exit(1);
}
+ inBuf.content_length = clen;
}
else if (strncasecmp(hdr, "Content-Type:", 13) == 0) {
cp = &hdr[13];
@@ -876,7 +893,7 @@ static int doHttpRequest(CommHndl conn_f
}
len = inBuf.content_length;
- if (len < 0) {
+ if (len == UINT_MAX) {
if (!discardInput) {
genError(conn_fd, &inBuf, 411, "Length Required", NULL);
}
