Remove compile-time length limit on request strings. Length is

now enforced solely with the LimitRequestLine config directive.

Submitted by:	Paul J. Reder
Reviewed by:	rederpj, jerenkrantz, trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102887 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index a037d9e41f3665b70ebe08d927265905a7231cc2..0f462ddd5369965989087e3c3e507fa15004f873 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.49
 
+  *) Remove compile-time length limit on request strings. Length is
+     now enforced solely with the LimitRequestLine config directive.
+     [Paul J. Reder]
+
   *) mod_ssl: Send the Close Alert message to the peer before closing
      the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]
 

diff --git a/server/core.c b/server/core.c
index 2fda1fb37d1e9b97bf199fa7772791782257e7ef..dba35dd4742dd86705549ae4073acbefb51fe091 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -2446,12 +2446,6 @@ static const char *set_limit_req_line(cmd_parms *cmd, void *dummy,
                            "\" must be a non-negative integer", NULL);
     }
 
-    if (lim > DEFAULT_LIMIT_REQUEST_LINE) {
-        return apr_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" "
-                            "must not exceed the precompiled maximum of %d",
-                            arg, DEFAULT_LIMIT_REQUEST_LINE);
-    }
-
     cmd->server->limit_req_line = lim;
     return NULL;
 }

diff --git a/server/protocol.c b/server/protocol.c
index 25cc75fa67ded74f6095f1a4ef2f9e9ce413fe16..588dd6dd581759028857755414c787ca7846b60b 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -578,11 +578,22 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
          * if there are empty lines
          */
         r->the_request = NULL;
-        rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
+        rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2),
                          &len, r, 0, bb);
 
         if (rv != APR_SUCCESS) {
             r->request_time = apr_time_now();
+
+            /* ap_rgetline returns APR_ENOSPC if it fills up the
+             * buffer before finding the end-of-line.  This is only going to
+             * happen if it exceeds the configured limit for a request-line.
+             */
+            if (rv == APR_ENOSPC) {
+                r->status    = HTTP_REQUEST_URI_TOO_LARGE;
+                r->proto_num = HTTP_VERSION(1,0);
+                r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+            }
+
             return 0;
         }
     } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
@@ -612,18 +623,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
 
     ap_parse_uri(r, uri);
 
-    /* ap_getline returns (size of max buffer - 1) if it fills up the
-     * buffer before finding the end-of-line.  This is only going to
-     * happen if it exceeds the configured limit for a request-line.
-     * The cast is safe, limit_req_line cannot be negative
-     */
-    if (len > (apr_size_t)r->server->limit_req_line) {
-        r->status    = HTTP_REQUEST_URI_TOO_LARGE;
-        r->proto_num = HTTP_VERSION(1,0);
-        r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
-        return 0;
-    }
-
     if (ll[0]) {
         r->assbackwards = 0;
         pro = ll;
@@ -859,7 +858,7 @@ request_rec *ap_read_request(conn_rec *conn)
     if (!read_request_line(r, tmp_bb)) {
         if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "request failed: URI too long");
+                          "request failed: URI too long (longer than %d)", r->server->limit_req_line);
             ap_send_error_response(r, 0);
             ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
             ap_run_log_transaction(r);