Thread: RE: [Havp-devel] MAXSCANSIZE patch for 0.72
Status: Beta
Brought to you by:
havp
From: Christian H. <hi...@mu...> - 2005-10-17 17:54:25
|
Hi, > -----Original Message----- > From: hav...@li... > [mailto:hav...@li...] On Behalf Of > Henrik Krohns > Sent: Tuesday, October 11, 2005 11:11 PM > To: hav...@li...; chr...@hi... > Subject: [Havp-devel] MAXSCANSIZE patch for 0.72 > > > Hello, > > there are some problems in 0.72. Even if you download bigger > than MAXSCANSIZE, > tempfiles grow. > > Here is a patch that makes it work properly. > > http://hege.li/havp/havp-0.72-maxscan.diff I just did a short check of your patch. Did you tust the Content-Length of the server header. In my implementiation I do not. So I grow the file on the harddisk to MAXSCANSIZE no matter what Content-Length in the Server Header says. I guess this is more save. I hope I read your patch right. Otherwise let me know. > P.S. There is still a minor typo.. proxyhandler.cpp line 255 > ToServer.Getresponse() != -302 #this should be 302 I guess with 302 the Server sends a body. First I usesd 302 but I had problems so I disabled it by -302. I guess the statement can be cleaned. Christian |
From: Henrik K. <ha...@he...> - 2005-10-17 19:29:06
|
On Mon, Oct 17, 2005 at 07:53:27PM +0200, Christian Hilgers wrote: > Hi, > > I just did a short check of your patch. Did you tust the Content-Length of > the server header. > In my implementiation I do not. So I grow the file on the harddisk to > MAXSCANSIZE no matter what Content-Length in the Server Header says. I guess > this is more save. > > I hope I read your patch right. Otherwise let me know. Oops, you are right. Someone could send less data than Content-Length and contain a virus. My patch can be deleted. I'm not sure what should be done if you receive more than Content-Length. Probably should drop it.. that could be done by removing ScannerOff check from body size check. There is one minor bug anyway. If a page is whitelisted, I think SetFileSize is called unnecessarily. --- proxyhandler.cpp Sun Oct 2 19:47:37 2005 +++ proxyhandler.cpp Mon Oct 17 22:14:28 2005 @@ -237,7 +237,7 @@ ContentLengthReference = ToServer.GetContentLength( ); //Also check if file is too large for scanning - if ( ( ContentLengthReference > 0 ) && ( ( ContentLengthReference < maxscansize ) || (maxscansize == 0) ) ) + if ( (ScannerOff != true ) && ( ContentLengthReference > 0 ) && ( ( ContentLengthReference < maxscansize ) || (maxscansize == 0) ) ) { unlock = true; //Set tempfile to right size Cheers, Henrik |