From: Daniel Gruno Date: Thu, 27 Feb 2014 19:10:55 +0000 (+0000) Subject: mod_lua: Only read up to whatever the user defines as max size when using r:parsebody... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=793fee62048b484aadb090f47b7427016dcbcf72;p=thirdparty%2Fapache%2Fhttpd.git mod_lua: Only read up to whatever the user defines as max size when using r:parsebody() - if content length is greater, return an error. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1572703 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c index 78bed5b017f..c6ec52441b1 100644 --- a/modules/lua/lua_request.c +++ b/modules/lua/lua_request.c @@ -15,6 +15,8 @@ * limitations under the License. */ +#include + #include "mod_lua.h" #include "lua_apr.h" #include "lua_dbd.h" @@ -228,7 +230,8 @@ static int req_aprtable2luatable_cb_len(void *l, const char *key, requests. Used for multipart POST data. ======================================================================================================================= */ -static int lua_read_body(request_rec *r, const char **rbuf, apr_off_t *size) +static int lua_read_body(request_rec *r, const char **rbuf, apr_off_t *size, + apr_off_t *maxsize) { int rc = OK; @@ -243,6 +246,9 @@ static int lua_read_body(request_rec *r, const char **rbuf, apr_off_t *size) apr_off_t length = r->remaining; /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ + if (maxsize != 0 && length > maxsize) { + return APR_EINCOMPLETE; /* Only room for incomplete data chunk :( */ + } *rbuf = (const char *) apr_pcalloc(r->pool, (apr_size_t) (length + 1)); *size = length; while ((len_read = ap_get_client_block(r, argsbuffer, sizeof(argsbuffer))) > 0) { @@ -336,7 +342,7 @@ static int req_parsebody(lua_State *L) int i; size_t vlen = 0; size_t len = 0; - if (lua_read_body(r, &data, (apr_off_t*) &size) != OK) { + if (lua_read_body(r, &data, (apr_off_t*) &size, max_post_size) != OK) { return 2; } len = strlen(multipart); @@ -411,7 +417,7 @@ static int lua_ap_requestbody(lua_State *L) if (!filename) { const char *data; - if (lua_read_body(r, &data, &size) != OK) + if (lua_read_body(r, &data, &size, maxSize) != OK) return (0); lua_pushlstring(L, data, (size_t) size);