From: Zoran V. <zv...@ar...> - 2005-06-16 17:56:50
On 16.06.2005 at 19:40, Vlad Seryakov wrote:

> It looks like maxpost just checks Content-Length: header, it is not
> hard limit like maxinput which limits the real memory buffer for
> uploaded content.
>

As I see, the maxpost test can be easily dwarfed by somebody giving
the content-length of -1 (or less). In that case the code in
SockRead() at the line 1481 will just ignore the maxpost setting:

    s = Ns_SetIGet(reqPtr->headers, "content-length");
    if (s != NULL) {
        reqPtr->length = atoi(s);
        if (reqPtr->length < 0
            && reqPtr->length > sockPtr->drvPtr->servPtr->limits.maxpost) {
            return SOCK_ERROR;
        }
    }

See? If the content-length is set to some other meaningful value
(>= 0) then the test is OK. But if not, then maxinput is really useless.

I would suggest we simply junk the maxpost knob and rely on the
maxinput only. This will make life easier.

Zoran
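Added example, not part of the original message or the server's source: the condition from the quoted snippet next to a strict Content-Length check that rejects signed, non-numeric, overflowing and over-limit values. The function names, status code values and the 1 MiB limit are hypothetical, and the sample header values are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes and function names, for this example only. */
#define SOCK_OK     0
#define SOCK_ERROR (-1)

/* Same condition as the quoted snippet: "< 0 && > maxpost" cannot both be
 * true for a non-negative maxpost, so this never returns SOCK_ERROR. */
static int check_as_quoted(const char *s, int maxpost, int *length)
{
    *length = atoi(s);
    if (*length < 0 && *length > maxpost) {
        return SOCK_ERROR;
    }
    return SOCK_OK;
}

/* Strict form: digits only, no overflow, no trailing bytes, <= maxpost. */
static int check_strict(const char *s, long maxpost, long *length)
{
    char *end;
    long  v;

    if (s == NULL || !isdigit((unsigned char)*s)) {
        return SOCK_ERROR;          /* rejects "", "-1", "+5", " 5" */
    }
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > maxpost) {
        return SOCK_ERROR;
    }
    *length = v;
    return SOCK_OK;
}

int main(void)
{
    const char *samples[] = { "-1", "2000000", "12abc", "1024" }; /* constructed */
    int  n;  long l;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-8s quoted=%d strict=%d\n", samples[i],
               check_as_quoted(samples[i], 1048576, &n),
               check_strict(samples[i], 1048576, &l));
    }
    return 0;
}
```

A header check like this only validates the declared length; the limit on bytes actually read still has to be enforced separately.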