From: Eric Covener <covener@apache.org>
Date: Wed, 1 Jun 2022 12:30:46 +0000 (+0000)
Subject: use a liberal default limit for LimitRequestBody of 1GB
X-Git-Tag: 2.5.0-alpha2-ci-test-only~316
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92499e20034485c5e2d29cb85940e309573d976e;p=thirdparty%2Fapache%2Fhttpd.git

use a liberal default limit for LimitRequestBody of 1GB

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901497 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 24f40685b88..b6c146d21cd 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -2855,17 +2855,17 @@ LimitInternalRecursion 5
 <description>Restricts the total size of the HTTP request body sent
 from the client</description>
 <syntax>LimitRequestBody <var>bytes</var></syntax>
-<default>LimitRequestBody 0</default>
+<default>LimitRequestBody 1073741824</default>
 <contextlist><context>server config</context><context>virtual host</context>
 <context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>All</override>
+<compatibility>In Apache HTTP Server 2.4.53 and earlier, the default value
+was 0 (unlimited)</compatibility>
 
 <usage>
-    <p>This directive specifies the number of <var>bytes</var> from 0
-    (meaning unlimited) to 2147483647 (2GB) that are allowed in a
-    request body. See the note below for the limited applicability
-    to proxy requests.</p>
+    <p>This directive specifies the number of <var>bytes</var>
+    that are allowed in a request body. A value of <var>0</var> means unlimited.</p>
 
     <p>The <directive>LimitRequestBody</directive> directive allows
     the user to set a limit on the allowed size of an HTTP request
@@ -2893,10 +2893,6 @@ from the client</description>
 LimitRequestBody 102400
     </highlight>
 
-    <note><p>For a full description of how this directive is interpreted by
-    proxy requests, see the <module>mod_proxy</module> documentation.</p>
-    </note>
-
 </usage>
 </directivesynopsis>
 
diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index eecbfbe6df9..a440f99ccc9 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -445,9 +445,6 @@ ProxyPass "/apps"     "http://127"
     Content-Length header, but the server is configured to filter incoming
     request bodies.</p>
 
-    <p><directive module="core">LimitRequestBody</directive> only applies to
-    request bodies that the server will spool to disk</p>
-
     </section> <!-- /request-bodies -->
 
     <section id="x-headers"><title>Reverse Proxy Request Headers</title>
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 1cd4ad51d56..06ab85da4fd 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1505,6 +1505,7 @@ cleanup:
 AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
 {
     const char *lenp = apr_table_get(r->headers_in, "Content-Length");
+    apr_off_t limit_req_body = ap_get_limit_req_body(r);
 
     r->read_body = read_policy;
     r->read_chunked = 0;
@@ -1538,6 +1539,11 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
         return HTTP_REQUEST_ENTITY_TOO_LARGE;
     }
 
+    if (limit_req_body > 0 && (r->remaining > limit_req_body)) {
+        /* will be logged when the body is discarded */
+        return HTTP_REQUEST_ENTITY_TOO_LARGE;
+    }
+
 #ifdef AP_DEBUG
     {
         /* Make sure ap_getline() didn't leave any droppings. */
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index cf6c0adaf14..434e37c9d48 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -4292,13 +4292,10 @@ PROXY_DECLARE(int) ap_proxy_spool_input(request_rec *r,
     apr_bucket *e;
     apr_off_t bytes, fsize = 0;
     apr_file_t *tmpfile = NULL;
-    apr_off_t limit;
 
     *bytes_spooled = 0;
     body_brigade = apr_brigade_create(p, bucket_alloc);
 
-    limit = ap_get_limit_req_body(r);
-
     do {
         if (APR_BRIGADE_EMPTY(input_brigade)) {
             rv = ap_proxy_read_input(r, backend, input_brigade,
@@ -4316,17 +4313,6 @@ PROXY_DECLARE(int) ap_proxy_spool_input(request_rec *r,
         apr_brigade_length(input_brigade, 1, &bytes);
 
         if (*bytes_spooled + bytes > max_mem_spool) {
-            /*
-             * LimitRequestBody does not affect Proxy requests (Should it?).
-             * Let it take effect if we decide to store the body in a
-             * temporary file on disk.
-             */
-            if (limit && (*bytes_spooled + bytes > limit)) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01088)
-                              "Request body is larger than the configured "
-                              "limit of %" APR_OFF_T_FMT, limit);
-                return HTTP_REQUEST_ENTITY_TOO_LARGE;
-            }
             /* can't spool any more in memory; write latest brigade to disk */
             if (tmpfile == NULL) {
                 const char *temp_dir;
diff --git a/server/core.c b/server/core.c
index e3953f231ad..5653b4db3e6 100644
--- a/server/core.c
+++ b/server/core.c
@@ -68,7 +68,7 @@
 
 /* LimitRequestBody handling */
 #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
-#define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+#define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 1<<30) /* 1GB */
 
 /* LimitXMLRequestBody handling */
 #define AP_LIMIT_UNSET                  ((long) -1)