Bug 2674: Remove limit on HTTP headers read.

Headers may be accumulated over more than one read. It does not make
sense to limit the internal copy of the accumulated read buffer to 64KB.

Reverts the internal read buffer to MemBuf defaults. This may cause
issues where headers are of unbounded size. But those are expected to be
caught by the header parser.

Check buffer limits before parsing and return error on all bad parse cases.
No exceptions.

diff --git a/src/HttpMsg.cc b/src/HttpMsg.cc
index d9712ccb43b8085e6d3a89c477a46667ce280cf3..8bd6a3bccb87eee5014904710bd5df9941f5024d 100644 (file)
--- a/src/HttpMsg.cc
+++ b/src/HttpMsg.cc
@@ -189,6 +189,7 @@ bool HttpMsg::parse(MemBuf *buf, bool eof, http_status *error)
     if (res == 0) {
         debugs(58, 2, "HttpMsg::parse: strange, need more data near '" <<
                buf->content() << "'");
+        *error = HTTP_INVALID_HEADER;
         return false; // but this should not happen due to headersEnd() above
     }
 

diff --git a/src/client_side.cc b/src/client_side.cc
index 81ba2fe279186460b4b5854230d6c14c9be26b17..dc0a3cc2eea9443da612dd6e92afbabb9cef6774 100755 (executable)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1855,6 +1855,17 @@ parseHttpRequest(ConnStateData::Pointer & conn, HttpParser *hp, method_t * metho
     /* pre-set these values to make aborting simpler */
     *method_p = METHOD_NONE;
 
+    /* NP: don't be tempted to move this down or remove again.
+     * It's the only DDoS protection old-String has against long URL */
+    if ( hp->bufsiz <= 0) {
+        debugs(33, 5, "Incomplete request, waiting for end of request line");
+        return NULL;
+    }
+    else if ( (size_t)hp->bufsiz >= Config.maxRequestHeaderSize && headersEnd(hp->buf, Config.maxRequestHeaderSize) == 0) {
+        debugs(33, 5, "parseHttpRequest: Too large request");
+        return parseHttpRequestAbort(conn, "error:request-too-large");
+    }
+
     /* Attempt to parse the first line; this'll define the method, url, version and header begin */
     r = HttpParserParseReqLine(hp);
 

diff --git a/src/http.cc b/src/http.cc
index 4a469038132c1a543a45a5d860c08c5e4aacbc2e..644a8f25682adfa9ea6a20a3699f6e7d5416111a 100644 (file)
--- a/src/http.cc
+++ b/src/http.cc
@@ -85,7 +85,7 @@ HttpStateData::HttpStateData(FwdState *theFwdState) : ServerStateData(theFwdStat
     surrogateNoStore = false;
     fd = fwd->server_fd;
     readBuf = new MemBuf;
-    readBuf->init(4096, SQUID_TCP_SO_RCVBUF);
+    readBuf->init();
     orig_request = HTTPMSGLOCK(fwd->request);
 
     if (fwd->servers)