Bug #899: request_header_max_size configuration option doesn't work correctly

This patch enforced the request_header_max_size directive even if the
internal buffer size can accomodate larger requests, and increases the
default limit from 10 KB to 20 KB to compensate for the stricter checking.

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 3ff6dc186c4453be513dfd682459392a431bcd7e..32b71c189aeee9ad679d680a284507ace1382646 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.356 2004/09/26 21:35:41 hno Exp $
+# $Id: cf.data.pre,v 1.357 2004/09/26 21:40:29 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -2016,7 +2016,7 @@ DOC_END
 NAME: request_header_max_size
 COMMENT: (KB)
 TYPE: b_size_t
-DEFAULT: 10 KB
+DEFAULT: 20 KB
 LOC: Config.maxRequestHeaderSize
 DOC_START
        This specifies the maximum size for HTTP headers in a request.

diff --git a/src/client_side.cc b/src/client_side.cc
index 222908c60e19aeae4d32964996e4a017fdfea46a..9bc0ff07c7ab996618f9cdd13266a9dffc7fe688 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.671 2004/08/30 03:28:58 robertc Exp $
+ * $Id: client_side.cc,v 1.672 2004/09/26 21:40:29 hno Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -1897,6 +1897,14 @@ parseHttpRequest(ConnStateData::Pointer & conn, method_t * method_p,
     if (http_version)
         http_version = inbuf + (http_version - conn->in.buf);
 
+    /* Enforce max_request_size */
+
+    if (req_sz >= Config.maxRequestHeaderSize) {
+        debug(33, 5) ("parseHttpRequest: Too large request\n");
+        xfree(inbuf);
+        return parseHttpRequestAbort(conn, "error:request-too-large");
+    }
+
     /* Barf on NULL characters in the headers */
     if (strlen(inbuf) != req_sz) {
         debug(33, 1) ("parseHttpRequest: Requestheader contains NULL characters\n");