From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 26 Jul 2009 10:54:29 +0000 (+1200)
Subject: Bug 2674: Remove limit on HTTP headers read.
X-Git-Tag: SQUID_3_0_STABLE17~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37379710cf804fdef8c8cc000ccbc64980d46796;p=thirdparty%2Fsquid.git

Bug 2674: Remove limit on HTTP headers read.

Headers may be accumulated over more than one read. It does not make
sense to limit the internal copy of the accumulated read buffer to 64KB.

Reverts the internal read buffer to MemBuf defaults. This may cause
issues where headers are of unbounded size. But those are expected to be
caught by the header parser.

Check buffer limits before parsing and return error on all bad parse cases.
No exceptions.
---

diff --git a/src/HttpMsg.cc b/src/HttpMsg.cc
index d9712ccb43..8bd6a3bccb 100644
--- a/src/HttpMsg.cc
+++ b/src/HttpMsg.cc
@@ -189,6 +189,7 @@ bool HttpMsg::parse(MemBuf *buf, bool eof, http_status *error)
     if (res == 0) {
         debugs(58, 2, "HttpMsg::parse: strange, need more data near '" <<
                buf->content() << "'");
+        *error = HTTP_INVALID_HEADER;
         return false; // but this should not happen due to headersEnd() above
     }
 
diff --git a/src/client_side.cc b/src/client_side.cc
index 81ba2fe279..dc0a3cc2ee 100755
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1855,6 +1855,17 @@ parseHttpRequest(ConnStateData::Pointer & conn, HttpParser *hp, method_t * metho
     /* pre-set these values to make aborting simpler */
     *method_p = METHOD_NONE;
 
+    /* NP: don't be tempted to move this down or remove again.
+     * It's the only DDoS protection old-String has against long URL */
+    if ( hp->bufsiz <= 0) {
+        debugs(33, 5, "Incomplete request, waiting for end of request line");
+        return NULL;
+    }
+    else if ( (size_t)hp->bufsiz >= Config.maxRequestHeaderSize && headersEnd(hp->buf, Config.maxRequestHeaderSize) == 0) {
+        debugs(33, 5, "parseHttpRequest: Too large request");
+        return parseHttpRequestAbort(conn, "error:request-too-large");
+    }
+
     /* Attempt to parse the first line; this'll define the method, url, version and header begin */
     r = HttpParserParseReqLine(hp);
 
diff --git a/src/http.cc b/src/http.cc
index 4a46903813..644a8f2568 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -85,7 +85,7 @@ HttpStateData::HttpStateData(FwdState *theFwdState) : ServerStateData(theFwdStat
     surrogateNoStore = false;
     fd = fwd->server_fd;
     readBuf = new MemBuf;
-    readBuf->init(4096, SQUID_TCP_SO_RCVBUF);
+    readBuf->init();
     orig_request = HTTPMSGLOCK(fwd->request);
 
     if (fwd->servers)