Bug 2038: check reply_body_max_size before ICAP

Use newly added HttpReply::expectedBodyTooLarge() check to support the
reply_body_max_size ACL when the expected body size may be known. The check
is now shared between server and client sides.

The server side needs to do the checks before feeding the data to ICAP.
Otherwise, ICAP service may suck a large response in and spit a small response
out. It was decided that the reply_body_max_size ACL should apply to the
virgin response as well.

The server side does not perform HttpReply::receivedBodyTooLarge() check yet.

diff --git a/src/Server.cc b/src/Server.cc
index 8817d1a1e5d356446db6d17f8d0b492c2eea8b3c..8179112bc34456bb13f5cad54d441141b513e1f5 100644 (file)
--- a/src/Server.cc
+++ b/src/Server.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: Server.cc,v 1.23 2007/09/27 14:34:06 rousskov Exp $
+ * $Id: Server.cc,v 1.24 2008/02/08 18:30:18 rousskov Exp $
  *
  * DEBUG:
  * AUTHOR: Duane Wessels
@@ -640,6 +640,14 @@ ServerStateData::icapAclCheckDone(ICAPServiceRep::Pointer service)
     if (abortOnBadEntry("entry went bad while waiting for ICAP ACL check"))
         return;
 
+    // TODO: Should nonICAP and postICAP path check this on the server-side?
+    // That check now only happens on client-side, in processReplyAccess().
+    if (virginReply()->expectedBodyTooLarge(*request)) {
+        sendBodyIsTooLargeError();
+        return;
+    }
+    // TODO: Should we check received5CBodyTooLarge on the server-side as well?
+
     startedIcap = startIcap(service, originalRequest());
 
     if (!startedIcap && (!service || service->bypass)) {
@@ -671,6 +679,16 @@ ServerStateData::icapAclCheckDoneWrapper(ICAPServiceRep::Pointer service, void *
 }
 #endif
 
+void
+ServerStateData::sendBodyIsTooLargeError()
+{
+    ErrorState *err = errorCon(ERR_TOO_BIG, HTTP_FORBIDDEN, request);
+    err->xerrno = errno;
+    fwd->fail(err);
+    fwd->dontRetry(true);
+    abortTransaction("Virgin body too large.");
+}
+
 // TODO: when HttpStateData sends all errors to ICAP, 
 // we should be able to move this at the end of setVirginReply().
 void

diff --git a/src/Server.h b/src/Server.h
index 5c221be4ff08c0d00098dc0ec84641cdc2474608..a360ed679aaa7725be36516fec0cb60d37ef0dcf 100644 (file)
--- a/src/Server.h
+++ b/src/Server.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: Server.h,v 1.11 2008/01/07 17:10:22 hno Exp $
+ * $Id: Server.h,v 1.12 2008/02/08 18:30:18 rousskov Exp $
  *
  * AUTHOR: Duane Wessels
  *
@@ -186,6 +186,7 @@ protected:
 
 private:
     void quitIfAllDone(); // successful termination
+    void sendBodyIsTooLargeError();
 
        HttpReply *theVirginReply; // reply received from the origin server
        HttpReply *theFinalReply; // adapted reply from ICAP or virgin reply