From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 17 Dec 2010 05:46:37 +0000 (-0700)
Subject: Add docs and prevent parse loops on client_request_buffer_max
X-Git-Tag: take00~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f771fedfcbf32cddeb83fe51bb698c8c0d7b4bc;p=thirdparty%2Fsquid.git

Add docs and prevent parse loops on client_request_buffer_max
---

diff --git a/doc/release-notes/release-3.1.sgml b/doc/release-notes/release-3.1.sgml
index ddada7356e..7bd27de98d 100644
--- a/doc/release-notes/release-3.1.sgml
+++ b/doc/release-notes/release-3.1.sgml
@@ -563,6 +563,10 @@ This section gives a thorough account of those changes in three categories:
 	direct client address in delay pools.
 	</verb>
 
+	<tag>client_request_buffer_max_size</tag>
+	<p>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
+	for receiving upload and request data from clients.
+
         <tag>dns_v4_fallback</tag>
         <p>New option to prevent Squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
            Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 82c9317883..5fb2e0026c 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -908,6 +908,14 @@ configDoConfigure(void)
     }
 
 #endif
+
+    // prevent infinite fetch loops in the request parser
+    // due to buffer full but not enough data recived to finish parse
+    if (Config.maxRequestBufferSize <= Config.maxRequestHeaderSize) {
+        fatalf("Client request buffer of %d bytes cannot hold a request with %d bytes of headers." \
+               " Change client_request_buffer_max or request_header_max_size limits.",
+               Config.maxRequestBufferSize, Config.maxRequestHeaderSize);
+    }
 }
 
 /** Parse a line containing an obsolete directive.