From: Eric Covener <covener@apache.org>
Date: Wed, 1 Jun 2022 12:31:48 +0000 (+0000)
Subject: Merge r1901497 from trunk:
X-Git-Tag: 2.4.54-rc1-candidate~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce259c4061905bf834f9af51c92456cfe8335ddc;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1901497 from trunk:

use a liberal default limit for LimitRequestBody of 1GB


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1901499 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 69d4df88728..78bf50834bc 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -2825,17 +2825,17 @@ LimitInternalRecursion 5
 <description>Restricts the total size of the HTTP request body sent
 from the client</description>
 <syntax>LimitRequestBody <var>bytes</var></syntax>
-<default>LimitRequestBody 0</default>
+<default>LimitRequestBody 1073741824</default>
 <contextlist><context>server config</context><context>virtual host</context>
 <context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>All</override>
+<compatibility>In Apache HTTP Server 2.4.53 and earlier, the default value
+was 0 (unlimited)</compatibility>
 
 <usage>
-    <p>This directive specifies the number of <var>bytes</var> from 0
-    (meaning unlimited) to 2147483647 (2GB) that are allowed in a
-    request body. See the note below for the limited applicability
-    to proxy requests.</p>
+    <p>This directive specifies the number of <var>bytes</var>
+    that are allowed in a request body. A value of <var>0</var> means unlimited.</p>
 
     <p>The <directive>LimitRequestBody</directive> directive allows
     the user to set a limit on the allowed size of an HTTP request
@@ -2863,10 +2863,6 @@ from the client</description>
 LimitRequestBody 102400
     </highlight>
 
-    <note><p>For a full description of how this directive is interpreted by
-    proxy requests, see the <module>mod_proxy</module> documentation.</p>
-    </note>
-
 </usage>
 </directivesynopsis>
 
diff --git a/docs/manual/mod/mod_proxy.xml b/docs/manual/mod/mod_proxy.xml
index 47fa5d34a24..613491d451a 100644
--- a/docs/manual/mod/mod_proxy.xml
+++ b/docs/manual/mod/mod_proxy.xml
@@ -436,9 +436,6 @@ ProxyPass "/examples" "http://backend.example.com/examples" timeout=10
     Content-Length header, but the server is configured to filter incoming
     request bodies.</p>
 
-    <p><directive module="core">LimitRequestBody</directive> only applies to
-    request bodies that the server will spool to disk</p>
-
     </section> <!-- /request-bodies -->
 
     <section id="x-headers"><title>Reverse Proxy Request Headers</title>
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index fb05a17fc73..1a8df347bec 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1703,6 +1703,7 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
 {
     const char *tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
     const char *lenp = apr_table_get(r->headers_in, "Content-Length");
+    apr_off_t limit_req_body = ap_get_limit_req_body(r);
 
     r->read_body = read_policy;
     r->read_chunked = 0;
@@ -1738,6 +1739,11 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
         return HTTP_REQUEST_ENTITY_TOO_LARGE;
     }
 
+    if (limit_req_body > 0 && (r->remaining > limit_req_body)) {
+        /* will be logged when the body is discarded */
+        return HTTP_REQUEST_ENTITY_TOO_LARGE;
+    }
+
 #ifdef AP_DEBUG
     {
         /* Make sure ap_getline() didn't leave any droppings. */
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 83b9cfd3b59..c88af92814e 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -4267,13 +4267,10 @@ PROXY_DECLARE(int) ap_proxy_spool_input(request_rec *r,
     apr_bucket *e;
     apr_off_t bytes, fsize = 0;
     apr_file_t *tmpfile = NULL;
-    apr_off_t limit;
 
     *bytes_spooled = 0;
     body_brigade = apr_brigade_create(p, bucket_alloc);
 
-    limit = ap_get_limit_req_body(r);
-
     do {
         if (APR_BRIGADE_EMPTY(input_brigade)) {
             rv = ap_proxy_read_input(r, backend, input_brigade,
@@ -4291,17 +4288,6 @@ PROXY_DECLARE(int) ap_proxy_spool_input(request_rec *r,
         apr_brigade_length(input_brigade, 1, &bytes);
 
         if (*bytes_spooled + bytes > max_mem_spool) {
-            /*
-             * LimitRequestBody does not affect Proxy requests (Should it?).
-             * Let it take effect if we decide to store the body in a
-             * temporary file on disk.
-             */
-            if (limit && (*bytes_spooled + bytes > limit)) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01088)
-                              "Request body is larger than the configured "
-                              "limit of %" APR_OFF_T_FMT, limit);
-                return HTTP_REQUEST_ENTITY_TOO_LARGE;
-            }
             /* can't spool any more in memory; write latest brigade to disk */
             if (tmpfile == NULL) {
                 const char *temp_dir;
diff --git a/server/core.c b/server/core.c
index 090e3976421..e1493fd4091 100644
--- a/server/core.c
+++ b/server/core.c
@@ -67,7 +67,7 @@
 
 /* LimitRequestBody handling */
 #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
-#define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+#define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 1<<30) /* 1GB */
 
 /* LimitXMLRequestBody handling */
 #define AP_LIMIT_UNSET                  ((long) -1)