Thread: RE: [Havp-devel] MAXSCANSIZE patch for 0.72
Status: Beta
Brought to you by:
havp
Menu
▾
▴
havp-devel
|
From: Christian H. <hi...@mu...> - 2005-10-17 17:54:25
|
Hi, > -----Original Message----- > From: hav...@li... > [mailto:hav...@li...] On Behalf Of > Henrik Krohns > Sent: Tuesday, October 11, 2005 11:11 PM > To: hav...@li...; chr...@hi... > Subject: [Havp-devel] MAXSCANSIZE patch for 0.72 > > > Hello, > > there are some problems in 0.72. Even if you download bigger > than MAXSCANSIZE, > tempfiles grow. > > Here is a patch that makes it work properly. > > http://hege.li/havp/havp-0.72-maxscan.diff I just did a short check of your patch. Did you tust the Content-Length of the server header. In my implementiation I do not. So I grow the file on the harddisk to MAXSCANSIZE no matter what Content-Length in the Server Header says. I guess this is more save. I hope I read your patch right. Otherwise let me know. > P.S. There is still a minor typo.. proxyhandler.cpp line 255 > ToServer.Getresponse() != -302 #this should be 302 I guess with 302 the Server sends a body. First I usesd 302 but I had problems so I disabled it by -302. I guess the statement can be cleaned. Christian |
|
From: Henrik K. <ha...@he...> - 2005-10-17 19:29:06
|
On Mon, Oct 17, 2005 at 07:53:27PM +0200, Christian Hilgers wrote:
> Hi,
>
> I just did a short check of your patch. Did you tust the Content-Length of
> the server header.
> In my implementiation I do not. So I grow the file on the harddisk to
> MAXSCANSIZE no matter what Content-Length in the Server Header says. I guess
> this is more save.
>
> I hope I read your patch right. Otherwise let me know.
Oops, you are right. Someone could send less data than Content-Length and
contain a virus. My patch can be deleted.
I'm not sure what should be done if you receive more than Content-Length.
Probably should drop it.. that could be done by removing ScannerOff check
from body size check.
There is one minor bug anyway. If a page is whitelisted, I think SetFileSize
is called unnecessarily.
--- proxyhandler.cpp Sun Oct 2 19:47:37 2005
+++ proxyhandler.cpp Mon Oct 17 22:14:28 2005
@@ -237,7 +237,7 @@
ContentLengthReference = ToServer.GetContentLength( );
//Also check if file is too large for scanning
- if ( ( ContentLengthReference > 0 ) && ( ( ContentLengthReference < maxscansize ) || (maxscansize == 0) ) )
+ if ( (ScannerOff != true ) && ( ContentLengthReference > 0 ) && ( ( ContentLengthReference < maxscansize ) || (maxscansize == 0) ) )
{
unlock = true;
//Set tempfile to right size
Cheers,
Henrik
|
Thanks for helping keep SourceForge clean.
X