From: Nick M. <ni...@us...> - 2010-12-07 16:46:18
Author: Constantine Verutin <cve...@gm...> Date: Tue, 7 Dec 2010 11:43:52 -0500 Subject: Reject overlong http requests early when Expect:100-continue is set Commit: d23839fc6e30e265e139d763d7155b14934bab0a --- http.c | 5 +++++ include/event2/http.h | 1 + test/regress_http.c | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+), 0 deletions(-) diff --git a/http.c b/http.c index 8bc6db1..70de30a 100644 --- a/http.c +++ b/http.c @@ -1846,6 +1846,11 @@ evhttp_get_body(struct evhttp_connection *evcon, struct evhttp_request *req) no, we should respond with an error. For now, just optimistically tell the client to send their message body. */ + if (req->ntoread > req->evcon->max_body_size) { + evhttp_send_error(req, HTTP_ENTITYTOOLARGE, + NULL); + return; + } if (!evbuffer_get_length(bufferevent_get_input(evcon->bufev))) evhttp_send_continue(evcon, req); } else { diff --git a/include/event2/http.h b/include/event2/http.h index 5492ac3..69f32ef 100644 --- a/include/event2/http.h +++ b/include/event2/http.h @@ -58,6 +58,7 @@ struct event_base; #define HTTP_BADREQUEST 400 /**< invalid http request was made */ #define HTTP_NOTFOUND 404 /**< could not find content for uri */ #define HTTP_BADMETHOD 405 /**< method not allowed for this uri */ +#define HTTP_ENTITYTOOLARGE 413 /**< */ #define HTTP_EXPECTATIONFAILED 417 /**< we can't handle this expectation */ #define HTTP_INTERNAL 500 /**< internal error */ #define HTTP_NOTIMPLEMENTED 501 /**< not implemented */ diff --git a/test/regress_http.c b/test/regress_http.c index 0d8395b..349dbee 100644 --- a/test/regress_http.c +++ b/test/regress_http.c @@ -3274,6 +3274,15 @@ end: } static void +http_large_entity_test_done(struct evhttp_request *req, void *arg) +{ + tt_assert(req); + tt_int_op(evhttp_request_get_response_code(req), ==, HTTP_ENTITYTOOLARGE); +end: + event_base_loopexit(arg, NULL); +} + +static void http_data_length_constraints_test(void *arg) { struct basic_test_data *data = arg; 
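Review bot: The added check `req->ntoread > req->evcon->max_body_size` compares two fields whose declarations are not in the hunk. If `ntoread` is signed and can hold a negative "length not known" value while `max_body_size` is unsigned, that value converts to a very large number and an acceptable request is answered with 413. Testing the sign first limits the early rejection to declared lengths that really exceed the limit: `if (req->ntoread > 0 && req->ntoread > req->evcon->max_body_size) {`. This early check can only cover bodies with a declared length, so the limit still has to be enforced where the body is actually read. evhttp_get_body starts and ends outside the hunk.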
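Review bot: `HTTP_ENTITYTOOLARGE` is added with an empty Doxygen comment (`/**< */`), while every neighbouring status code in the hunk has a description. I would fill it in, for example `#define HTTP_ENTITYTOOLARGE 413 /**< request entity too large */`, so the generated API documentation says what the code means.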
@@ -3331,6 +3340,15 @@ http_data_length_constraints_test(void *arg) } event_base_dispatch(data->base); + req = evhttp_request_new(http_large_entity_test_done, data->base); + evhttp_add_header(evhttp_request_get_output_headers(req), "Host", "somehost"); + evhttp_add_header(evhttp_request_get_output_headers(req), "Expect", "100-continue"); + evbuffer_add_printf(evhttp_request_get_output_buffer(req), "%s", long_str); + if (evhttp_make_request(evcon, req, EVHTTP_REQ_POST, "/") == -1) { + tt_abort_msg("Couldn't make request"); + } + event_base_dispatch(data->base); + test_ok = 1; end: if (evcon) -- 1.7.0.1 |
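Review bot: The added request exercises only the over-limit case, so a regression that makes the server answer 413 to an acceptable `Expect: 100-continue` request would pass unnoticed. I would add a second request whose body is within the configured limit and assert that its response code is not `HTTP_ENTITYTOOLARGE`. The body limit for this test is set earlier in http_data_length_constraints_test, outside the hunk, so the sizes for that case have to be taken from there.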