Limit size of chunked requests (<rdar://problem/23132353>)
authormsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Fri, 23 Oct 2015 19:00:06 +0000 (19:00 +0000)
committermsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Fri, 23 Oct 2015 19:00:06 +0000 (19:00 +0000)
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12915 a1ca3aef-8c08-0410-bb20-df032aa958be

CHANGES-2.1.txt
scheduler/client.c

index 43a67f8901000a4e015bac6683bce3b9c251348f..84e3a20b8cf4a4da2acf0770f358300957452516 100644 (file)
@@ -4,7 +4,7 @@ CHANGES-2.1.txt
 CHANGES IN CUPS V2.1.1
 
        - Security hardening fixes (<rdar://problem/23131948>,
-         <rdar://problem/23132108>)
+         <rdar://problem/23132108>, <rdar://problem/23132353>)
        - The cupsGetPPD* functions did not work with IPP printers (STR #4725)
        - Some older HP LaserJet printers need a delayed close when printing
          using the libusb-based USB backend (STR #4549)
index 1221d2c8e976c9258d16c0b269f43659444e8ac7..82997643699accfa708011eec14845496d07f374 100644 (file)
@@ -1799,6 +1799,20 @@ cupsdReadClient(cupsd_client_t *con)     /* I - Client to read from */
          {
            con->bytes += bytes;
 
+            if (MaxRequestSize > 0 && con->bytes > MaxRequestSize)
+            {
+             close(con->file);
+             con->file = -1;
+             unlink(con->filename);
+             cupsdClearString(&con->filename);
+
+              if (!cupsdSendError(con, HTTP_STATUS_REQUEST_TOO_LARGE, CUPSD_AUTH_NONE))
+             {
+               cupsdCloseClient(con);
+               return;
+             }
+            }
+
             if (write(con->file, line, (size_t)bytes) < bytes)
            {
               cupsdLogClient(con, CUPSD_LOG_ERROR,
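Review bot: When cupsdSendError() succeeds, the added block does not leave the handler, so execution continues into `write(con->file, line, (size_t)bytes)` with `con->file` already set to -1. That write can only fail, and the error branch that follows (its body is outside the hunk) then runs with a `con->filename` that was just cleared, so an oversized request is presumably reported as a write failure rather than as a size-limit rejection. One way to stop processing once the limit is hit is to keep `if (!cupsdSendError(con, HTTP_STATUS_REQUEST_TOO_LARGE, CUPSD_AUTH_NONE)) cupsdCloseClient(con);` and follow it with an unconditional `return;`. The second client.c hunk adds the identical block and has the same fall-through. cupsdReadClient starts and ends outside both hunks, so whether a plain return is the right exit needs checking against the surrounding state handling.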
@@ -1960,6 +1974,20 @@ cupsdReadClient(cupsd_client_t *con)     /* I - Client to read from */
            {
              con->bytes += bytes;
 
+              if (MaxRequestSize > 0 && con->bytes > MaxRequestSize)
+              {
+                close(con->file);
+                con->file = -1;
+                unlink(con->filename);
+                cupsdClearString(&con->filename);
+
+                if (!cupsdSendError(con, HTTP_STATUS_REQUEST_TOO_LARGE, CUPSD_AUTH_NONE))
+                {
+                  cupsdCloseClient(con);
+                  return;
+                }
+              }
+
               if (write(con->file, line, (size_t)bytes) < bytes)
              {
                cupsdLogClient(con, CUPSD_LOG_ERROR,
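Review bot: The limit check here is a line-for-line copy of the one added in the first client.c hunk, so any later correction to the rejection path has to be made twice; a single static helper called from both sites would keep them in step. The block also carries no comment, and one such as `/* Reject the request once the received body exceeds MaxRequestSize (0 = no limit) */` would record that a non-positive MaxRequestSize disables the check. Neither site visibly logs the rejection with the client and the byte count, which operators would want for spotting oversized-upload attempts, unless cupsdSendError already does so. cupsdReadClient starts and ends outside the hunk.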