author | florian <florian@openbsd.org> | 2018-12-04 18:12:08 +0000 |
---|---|---|
committer | florian <florian@openbsd.org> | 2018-12-04 18:12:08 +0000 |
commit | f0a27d9860b128253bd7ac362c13c2bf456055d7 (patch) | |
tree | f7d1841df0a3839299a05a9dd8dd41b5d5b977a4 /usr.sbin/httpd | |
parent | redo the debug logging to be more like everything else. (diff) | |
Check maxrequestbody when we found the right server / location.
Very patiently pointed out repeatedly by Tracey Emery ( tracey AT
traceyemery.net ), thanks!
OK benno
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r-- | usr.sbin/httpd/server_http.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index e05cec56dfc..9b13db2bca4 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_http.c,v 1.127 2018/11/04 05:56:45 guenther Exp $ */
+/* $OpenBSD: server_http.c,v 1.128 2018/12/04 18:12:08 florian Exp $ */
 
 /*
 * Copyright (c) 2006 - 2018 Reyk Floeter <reyk@openbsd.org>
@@ -198,7 +198,6 @@ void
 server_read_http(struct bufferevent *bev, void *arg)
 {
 struct client *clt = arg;
- struct server_config *srv_conf = clt->clt_srv_conf;
 struct http_descriptor *desc = clt->clt_descreq;
 struct evbuffer *src = EVBUFFER_INPUT(bev);
 char *line = NULL, *key, *value;
@@ -357,11 +356,6 @@ server_read_http(struct bufferevent *bev, void *arg)
 server_abort_http(clt, 500, errstr);
 goto abort;
 }
- if ((size_t)clt->clt_toread >
- srv_conf->maxrequestbody) {
- server_abort_http(clt, 413, NULL);
- goto abort;
- }
 }
 
 if (strcasecmp("Transfer-Encoding", key) == 0 &&
@@ -1334,6 +1328,12 @@ server_response(struct httpd *httpd, struct client *clt)
 srv_conf = server_getlocation(clt, desc->http_path);
 }
 
+ if (clt->clt_toread > 0 && (size_t)clt->clt_toread >
+ srv_conf->maxrequestbody) {
+ server_abort_http(clt, 413, NULL);
+ return (-1);
+ }
+
 if (srv_conf->flags & SRVFLAG_BLOCK) {
 server_abort_http(clt, srv_conf->return_code,
 srv_conf->return_uri); |
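Review bot: The `(size_t)` cast in the check added to server_response() narrows clt_toread before the comparison. If clt_toread is a 64-bit signed type (its declaration is not in this diff), a declared length that does not fit in size_t would be truncated on a 32-bit platform and could compare below the limit. Comparing in the wider type avoids that, e.g. `if (clt->clt_toread > 0 && (unsigned long long)clt->clt_toread > srv_conf->maxrequestbody) {`. The `clt_toread > 0` guard also means the limit is enforced only for a positive declared length, so it is worth confirming that a body arriving without one (the Transfer-Encoding branch appears as context in the read-path hunk) is bounded elsewhere. A one-line comment such as `/* srv_conf is now the matched server/location, so its body limit applies */` would record why the check lives here; server_response() begins and ends outside the hunk.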