From: Amos Jeffries Date: Fri, 24 Jul 2009 12:58:17 +0000 (+1200) Subject: Correct header limit checks. 64KB max is REQUIRED. X-Git-Tag: SQUID_3_2_0_1~851 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ed7d3da3fcbeea7460ebe6f56001ba136d54b29;p=thirdparty%2Fsquid.git Correct header limit checks. 64KB max is REQUIRED. This fixes a few issues with too-long URLs or request headers. Also one issue with too-long reply headers. TODO: unit-tests to follow.
---
diff --git a/src/HttpMsg.cc b/src/HttpMsg.cc
index 0132de9e49..2828466bac 100644
--- a/src/HttpMsg.cc
+++ b/src/HttpMsg.cc
@@ -154,7 +154,7 @@ bool HttpMsg::parse(MemBuf *buf, bool eof, http_status *error)
 const size_t hdr_len = headersEnd(buf->content(), buf->contentSize());
 // TODO: move to httpReplyParseStep()
- if (hdr_len > Config.maxReplyHeaderSize || (hdr_len <= 0 && (size_t)buf->contentSize() > Config.maxReplyHeaderSize)) {
+ if (hdr_len >= Config.maxReplyHeaderSize || (hdr_len <= 0 && (size_t)buf->contentSize() > Config.maxReplyHeaderSize)) {
 debugs(58, 1, "HttpMsg::parse: Too large reply header (" << hdr_len << " > " << Config.maxReplyHeaderSize);
 *error = HTTP_HEADER_TOO_LARGE;
diff --git a/src/client_side.cc b/src/client_side.cc
index 4aab181d8b..bb94a08d73 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
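Review bot: In the src/HttpMsg.cc hunk (HttpMsg::parse), only the first comparison was tightened to `>=`; the second clause, which covers a buffer that holds no header terminator yet, still tests `> Config.maxReplyHeaderSize`. Assuming headersEnd() returns the offset just past the terminator, a buffer that has already reached the limit without one can no longer yield headers below it, so the reply could be rejected at that point rather than after another read: `(hdr_len == 0 && (size_t)buf->contentSize() >= Config.maxReplyHeaderSize)`. `hdr_len` is a `size_t`, so `<= 0` can only ever mean `== 0`. The debugs() text still prints `hdr_len << " > "`, which reads as `0 > limit` when the second clause fires; printing `buf->contentSize()` in that case would put the rejected size in the log. The body of parse() continues outside the hunk.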
@@ -1931,6 +1931,17 @@ parseHttpRequest(ConnStateData *conn, HttpParser *hp, HttpRequestMethod * method
 /* pre-set these values to make aborting simpler */
 *method_p = METHOD_NONE;
+ /* NP: don't be tempted to move this down or remove again.
+ * It's the only DDoS protection old-String has against long URL */
+ if ( hp->bufsiz <= 0) {
+ debugs(33, 5, "Incomplete request, waiting for end of request line");
+ return NULL;
+ }
+ else if ( hp->bufsiz >= Config.maxRequestHeaderSize && (req_sz = headersEnd(hp->buf, Config.maxRequestHeaderSize)) == 0) {
+ debugs(33, 5, "parseHttpRequest: Too large request");
+ return parseHttpRequestAbort(conn, "error:request-too-large");
+ } + /* Attempt to parse the first line; this'll define the method, url, version and header begin */
 r = HttpParserParseReqLine(hp);
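Review bot: The added `else if` lets a request through whenever `headersEnd(hp->buf, Config.maxRequestHeaderSize)` finds the terminator within the first `maxRequestHeaderSize` bytes, presumably including a header block that ends exactly at the limit, whereas the HttpMsg.cc hunk of this commit rejects `hdr_len >= Config.maxReplyHeaderSize`. Unless `req_sz` is compared with the limit again further down (not visible here), the request and reply limits disagree at the boundary, so it is worth confirming which behaviour is intended. The assignment to `req_sz` sits on the right of `&&`, so it runs only once `hp->bufsiz` has reached the limit, and the fixed scan length stays in bounds only because of that left-hand test; I would record both in the comment, e.g. `/* req_sz is assigned only on this path; scanning maxRequestHeaderSize bytes is in bounds because bufsiz >= that value */`. parseHttpRequest begins and ends outside the hunk.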