From: Justin Erenkrantz Date: Mon, 8 Mar 2004 22:54:20 +0000 (+0000) Subject: Remove compile-time length limit on request strings. Length is X-Git-Tag: 2.0.49~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4dd7d2b8a797a65c0f8b84b0e744447c849968ce;p=thirdparty%2Fapache%2Fhttpd.git Remove compile-time length limit on request strings. Length is now enforced solely with the LimitRequestLine config directive. Submitted by: Paul J. Reder Reviewed by: rederpj, jerenkrantz, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102887 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index a037d9e41f3..0f462ddd536 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,9 @@ Changes with Apache 2.0.49 + *) Remove compile-time length limit on request strings. Length is + now enforced solely with the LimitRequestLine config directive. + [Paul J. Reder] + *) mod_ssl: Send the Close Alert message to the peer before closing the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton] diff --git a/server/core.c b/server/core.c index 2fda1fb37d1..dba35dd4742 100644 --- a/server/core.c +++ b/server/core.c @@ -2446,12 +2446,6 @@ static const char *set_limit_req_line(cmd_parms *cmd, void *dummy, "\" must be a non-negative integer", NULL); } - if (lim > DEFAULT_LIMIT_REQUEST_LINE) { - return apr_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" " - "must not exceed the precompiled maximum of %d", - arg, DEFAULT_LIMIT_REQUEST_LINE); - } - cmd->server->limit_req_line = lim; return NULL; } diff --git a/server/protocol.c b/server/protocol.c index 25cc75fa67d..588dd6dd581 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -578,11 +578,22 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) * if there are empty lines */ r->the_request = NULL; - rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2, + rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2), &len, r, 0, bb); if (rv != APR_SUCCESS) { r->request_time = apr_time_now(); + + /* ap_rgetline returns APR_ENOSPC if it fills up the + * buffer before finding the end-of-line. This is only going to + * happen if it exceeds the configured limit for a request-line. + */ + if (rv == APR_ENOSPC) { + r->status = HTTP_REQUEST_URI_TOO_LARGE; + r->proto_num = HTTP_VERSION(1,0); + r->protocol = apr_pstrdup(r->pool, "HTTP/1.0"); + } + return 0; } } while ((len <= 0) && (++num_blank_lines < max_blank_lines)); @@ -612,18 +623,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) ap_parse_uri(r, uri); - /* ap_getline returns (size of max buffer - 1) if it fills up the - * buffer before finding the end-of-line. This is only going to - * happen if it exceeds the configured limit for a request-line. - * The cast is safe, limit_req_line cannot be negative - */ - if (len > (apr_size_t)r->server->limit_req_line) { - r->status = HTTP_REQUEST_URI_TOO_LARGE; - r->proto_num = HTTP_VERSION(1,0); - r->protocol = apr_pstrdup(r->pool, "HTTP/1.0"); - return 0; - } - if (ll[0]) { r->assbackwards = 0; pro = ll; @@ -859,7 +858,7 @@ request_rec *ap_read_request(conn_rec *conn) if (!read_request_line(r, tmp_bb)) { if (r->status == HTTP_REQUEST_URI_TOO_LARGE) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "request failed: URI too long"); + "request failed: URI too long (longer than %d)", r->server->limit_req_line); ap_send_error_response(r, 0); ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); ap_run_log_transaction(r);