From: Alex Rousskov Date: Tue, 31 Aug 2010 23:34:10 +0000 (-0600) Subject: Compliance: reply with 400 (Bad Request) if request header is too big. X-Git-Tag: take1~311 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b5bd85156037b34aada887be8765765f4d6bc54e;p=thirdparty%2Fsquid.git Compliance: reply with 400 (Bad Request) if request header is too big. Reply with a standard 400 (Bad Request) instead of 601 (Unknown) status in case of an ERR_TOO_BIG error. HTTP does not have a dedicated code for the too-big header error. There is 414 (Request-URI Too Long), but Squid does not distinguish too-large headers from too-large URIs. Co-Advisor test case: test_case/rfc2616/longUri-65536
---
diff --git a/src/HttpStatusCode.h b/src/HttpStatusCode.h
index 46c5d8179d..16c4b91a23 100644
--- a/src/HttpStatusCode.h
+++ b/src/HttpStatusCode.h
@@ -52,6 +52,10 @@ typedef enum {
 HTTP_GATEWAY_TIMEOUT = 504,
 HTTP_HTTP_VERSION_NOT_SUPPORTED = 505,
 HTTP_INSUFFICIENT_STORAGE = 507, /**< RFC2518 section 10.6 */
+
+ // The 6xx codes below are for internal use only: Bad requests result
+ // in HTTP_BAD_REQUEST; bad responses in HTTP_GATEWAY_TIMEOUT.
+
 HTTP_INVALID_HEADER = 600, /**< Squid header parsing error */
 HTTP_HEADER_TOO_LARGE = 601 /* Header too large to process */
 } http_status;
diff --git a/src/client_side.cc b/src/client_side.cc
index ee33f79cee..1644d5b1bb 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
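Review bot: The new comment in src/HttpStatusCode.h is the only thing keeping the 6xx values off the wire: HTTP_INVALID_HEADER and HTTP_HEADER_TOO_LARGE remain ordinary http_status enumerators, so any caller can still pass them as a reply status, as the removed client_side.cc line did. The comment also states a response-side mapping (HTTP_GATEWAY_TIMEOUT) that nothing in this commit touches, so it should either name the code that performs that mapping or be limited to the request side. Suggested wording: `// 6xx codes are internal parse results and must never be sent to a client; map them to a real status at the call site.` The enum starts above the hunk.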
@@ -2407,7 +2407,7 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c
 assert (repContext);
 switch (hp->request_parse_status) {
 case HTTP_HEADER_TOO_LARGE:
- repContext->setReplyToError(ERR_TOO_BIG, HTTP_HEADER_TOO_LARGE, method, http->uri, conn->peer, NULL, conn->in.buf, NULL);
+ repContext->setReplyToError(ERR_TOO_BIG, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, conn->in.buf, NULL);
 break;
 case HTTP_METHOD_NOT_ALLOWED:
 repContext->setReplyToError(ERR_UNSUP_REQ, HTTP_METHOD_NOT_ALLOWED, method, http->uri, conn->peer, NULL, conn->in.buf, NULL);
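Review bot: The reason a too-big header is answered with 400 rather than 414 exists only in the commit message, so the `case HTTP_HEADER_TOO_LARGE:` arm in clientProcessRequest now reads as an unexplained mismatch between the parse status and the reply status. I would add a comment above the changed call, e.g. `// 6xx is internal-only; HTTP has no too-big-header code and we cannot tell big headers from big URIs, so reply 400`. Separately, this arm still hands `conn->in.buf` and `http->uri` to setReplyToError on the one path where the input is known to exceed the header limit; whether the error reply bounds and escapes what it echoes is not visible here and is worth confirming. The switch continues past the end of the hunk, so it should also be checked that no remaining arm forwards `hp->request_parse_status` unchanged as the reply status.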