From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 26 Jul 2009 10:23:20 +0000 (+1200)
Subject: Bug 2674: Remove limit on HTTP headers read.
X-Git-Tag: SQUID_3_1_0_12~12
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0af2c11173d28a3a42c37603b4673d758d3533fb;p=thirdparty%2Fsquid.git

Bug 2674: Remove limit on HTTP headers read.

Headers may be accumulated over more than one read. It does not make
sense to limit the internal copy of the accumulated read buffer to 64KB.

Reverts the internal read buffer to MemBuf defaults. This may cause
issues where headers are of unbounded size. But those are expected to be
caught by the header parser.

Check buffer limits before parsing and return error on all bad parse cases.
No exceptions.
---

diff --git a/src/HttpMsg.cc b/src/HttpMsg.cc
index 22e61db892..0132de9e49 100644
--- a/src/HttpMsg.cc
+++ b/src/HttpMsg.cc
@@ -189,6 +189,7 @@ bool HttpMsg::parse(MemBuf *buf, bool eof, http_status *error)
     if (res == 0) {
         debugs(58, 2, "HttpMsg::parse: strange, need more data near '" <<
                buf->content() << "'");
+        *error = HTTP_INVALID_HEADER;
         return false; // but this should not happen due to headersEnd() above
     }
 
diff --git a/src/client_side.cc b/src/client_side.cc
index 4aab181d8b..c895fecf66 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1931,6 +1931,17 @@ parseHttpRequest(ConnStateData *conn, HttpParser *hp, HttpRequestMethod * method
     /* pre-set these values to make aborting simpler */
     *method_p = METHOD_NONE;
 
+    /* NP: don't be tempted to move this down or remove again.
+     * It's the only DDoS protection old-String has against long URL */
+    if ( hp->bufsiz <= 0) {
+        debugs(33, 5, "Incomplete request, waiting for end of request line");
+        return NULL;
+    }
+    else if ( (size_t)hp->bufsiz >= Config.maxRequestHeaderSize && headersEnd(hp->buf, Config.maxRequestHeaderSize) == 0) {
+        debugs(33, 5, "parseHttpRequest: Too large request");
+        return parseHttpRequestAbort(conn, "error:request-too-large");
+    }
+
     /* Attempt to parse the first line; this'll define the method, url, version and header begin */
     r = HttpParserParseReqLine(hp);
 
diff --git a/src/http.cc b/src/http.cc
index de16198793..e946dbfb78 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -84,7 +84,7 @@ HttpStateData::HttpStateData(FwdState *theFwdState) : AsyncJob("HttpStateData"),
     surrogateNoStore = false;
     fd = fwd->server_fd;
     readBuf = new MemBuf;
-    readBuf->init(4096, SQUID_TCP_SO_RCVBUF);
+    readBuf->init();
     orig_request = HTTPMSGLOCK(fwd->request);
 
     // reset peer response time stats for %<pt