]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
projects / thirdparty / squid.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4741655)
Bug 2038: check reply_body_max_size before ICAP
authorrousskov <>
Sat, 9 Feb 2008 01:31:02 +0000 (01:31 +0000)
committerrousskov <>
Sat, 9 Feb 2008 01:31:02 +0000 (01:31 +0000)
Use newly added HttpReply::*BodyTooLarge() checks to support the
reply_body_max_size ACL when the expected body size may be known and when more
body data is coming. The checks are now shared between server and client
sides.

The server side needs to do the checks before feeding the data to ICAP.
Otherwise, ICAP service may suck a large response in and spit a small response
out. It was decided that the reply_body_max_size ACL should apply to the
virgin response as well.

The server side does not perform receivedBodyTooLarge check yet.

src/client_side_reply.cc patch | blob | blame | history
src/client_side_reply.h patch | blob | blame | history

diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index ed9dd75e580d248d9db88d072042671c2fc0a519..bcd5d89f69d438d22c8925a810573296e252de2f 100644 (file)
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_reply.cc,v 1.151 2008/02/03 10:00:30 amosjeffries Exp $
+ * $Id: client_side_reply.cc,v 1.152 2008/02/08 18:31:02 rousskov Exp $
  *
  * DEBUG: section 88    Client-side Reply Routines
  * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
@@ -1160,7 +1160,8 @@ clientReplyContext::replyStatus()
         return STREAM_UNPLANNED_COMPLETE;
     }
 
-    if (http->isReplyBodyTooLarge(http->out.offset - 4096)) {
+    // XXX: Should this be checked earlier? We could return above w/o checking.
+    if (reply->receivedBodyTooLarge(*http->request, http->out.offset - 4096)) {
         /* 4096 is a margin for the HTTP headers included in out.offset */
         debugs(88, 5, "clientReplyStatus: client reply body is too large");
         return STREAM_FAILED;
@@ -1749,57 +1750,34 @@ clientReplyContext::startSendProcess()
                     tempBuffer, SendMoreData, this);
 }
 
-/*
- * Calculates the maximum size allowed for an HTTP response
- */
 void
-clientReplyContext::buildMaxBodySize(HttpReply * reply)
+clientReplyContext::sendBodyTooLargeError()
 {
-    acl_size_t *l = Config.ReplyBodySize;
-    ACLChecklist *ch;
-
-    if (http->logType == LOG_TCP_DENIED)
-        return;
-
-    ch = clientAclChecklistCreate(NULL, http);
-
-    ch->reply = HTTPMSGLOCK(reply);
-
-    for (l = Config.ReplyBodySize; l; l = l -> next) {
-        if (ch->matchAclListFast(l->aclList)) {
-            if (l->size != -1) {
-                debugs(58, 3, "clientReplyContext: Setting maxBodySize to " <<  l->size);
-                http->maxReplyBodySize(l->size);
-            }
-
-            break;
-        }
-    }
-
-    delete ch;
+    IPAddress tmp_noaddr; tmp_noaddr.SetNoAddr(); // TODO: make a global const
+    ErrorState *err = clientBuildError(ERR_TOO_BIG, HTTP_FORBIDDEN, NULL,
+        http->getConn() != NULL ? http->getConn()->peer : tmp_noaddr,
+        http->request);
+    removeClientStoreReference(&(sc), http);
+    HTTPMSGUNLOCK(reply);
+    startError(err);
+    
 }
 
 void
 clientReplyContext::processReplyAccess ()
 {
     assert(reply);
-    buildMaxBodySize(reply);
-
     /* Dont't block our own responses or HTTP status messages */
-    if (http->logType == LOG_TCP_DENIED || http->logType == LOG_TCP_DENIED_REPLY || alwaysAllowResponse(reply->sline.status)) {
+    if (http->logType == LOG_TCP_DENIED ||
+        http->logType == LOG_TCP_DENIED_REPLY ||
+        alwaysAllowResponse(reply->sline.status)) {
         headers_sz = reply->hdr_sz;
        processReplyAccessResult(1);
        return;
     }
-
-    if (http->isReplyBodyTooLarge(reply->content_length)) {
-        IPAddress tmp_noaddr; tmp_noaddr.SetNoAddr();
-        ErrorState *err = clientBuildError(ERR_TOO_BIG, HTTP_FORBIDDEN, NULL,
-                                           http->getConn() != NULL ? http->getConn()->peer : tmp_noaddr,
-                                           http->request);
-        removeClientStoreReference(&sc, http);
-        HTTPMSGUNLOCK(reply);
-        startError(err);
+    
+    if (reply->expectedBodyTooLarge(*http->request)) {
+        sendBodyTooLargeError();
         return;
     }
 
diff --git a/src/client_side_reply.h b/src/client_side_reply.h
index cb70baf01d0a45b91b877851bd316024f4d87b20..a69d011106281c64c8ad0f253f95201c1c88a942 100644 (file)
--- a/src/client_side_reply.h
+++ b/src/client_side_reply.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_reply.h,v 1.20 2008/01/20 08:54:28 amosjeffries Exp $
+ * $Id: client_side_reply.h,v 1.21 2008/02/08 18:31:02 rousskov Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -142,9 +142,9 @@ private:
     void sendMoreData(StoreIOBuffer result);
     void triggerInitialStoreRead();
     void sendClientOldEntry();
-    void buildMaxBodySize(HttpReply * reply);
     void purgeAllCached();
 
+    void sendBodyTooLargeError();
 
     StoreEntry *old_entry;
     store_client *old_sc;      /* ... for entry to be validated */
Mirror of https://github.com/squid-cache/squid.git