File 0270-max_content_length2.patch of Package sblim-sfcb

Overview Repositories Revisions Requests Users Attributes Meta

File 0270-max_content_length2.patch of Package sblim-sfcb

diff -up ./control.c.orig ./control.c
--- ./control.c.orig	2008-12-04 14:48:47.000000000 -0700
+++ ./control.c	2008-12-04 14:45:33.000000000 -0700
@@ -109,7 +109,7 @@ Control init[] = {
    {"traceLevel",   1, "0"},
    {"traceMask",   1, "0"},
 
-   {"httpMaxContentLength",	1,	"0"},
+   {"httpMaxContentLength",	1,	"100000000"},
 };
 
 void sunsetControl()
@@ -236,6 +236,25 @@ int getControlNum(char *id, long *val)
    return rc;
 }
 
+int getControlUNum(char *id, unsigned int *val)
+{
+    Control *ctl;
+    int rc = -1;
+    if ((ctl = ct->ft->get(ct, id))) {
+        if (ctl->type == 1 && isdigit(ctl->strValue[0])) {
+            unsigned long tmp = strtoul(ctl->strValue,NULL,0);
+            if (tmp < UINT_MAX)
+            {
+                *val = tmp; 
+                return 0;
+            }
+        }
+        rc = -2;
+    }
+    *val = 0;
+    return rc;
+}
+
 int getControlBool(char *id, int *val)
 {
    Control *ctl;
diff -up ./control.h.orig ./control.h
--- ./control.h.orig	2008-12-04 14:48:52.000000000 -0700
+++ ./control.h	2008-12-04 14:31:20.000000000 -0700
@@ -25,6 +25,7 @@ int setupControl(char *fn);
 void sunsetControl();
 int getControlChars(char *id, char **val);
 int getControlNum(char *id, long *val);
+int getControlUNum(char *id, unsigned int *val);
 int getControlBool(char *id, int *val);
 
 #endif
diff -up ./httpAdapter.c.orig ./httpAdapter.c
--- ./httpAdapter.c.orig	2008-12-04 14:48:33.000000000 -0700
+++ ./httpAdapter.c	2008-12-04 14:54:19.000000000 -0700
@@ -120,7 +120,9 @@ typedef int (*Authenticate)(char* princi
 
 typedef struct _buffer {
    char *data, *content;
-   int length, size, ptr, content_length,trailers;
+   int length, size, ptr; 
+   unsigned int content_length;
+   int trailers;
    char *httpHdr, *authorization, *content_type, *host, *useragent;
    char *principal;
    char *protocol;
@@ -372,7 +374,7 @@ static int readData(CommHndl conn_fd, ch
 
 static int getPayload(CommHndl conn_fd, Buffer * b)
 {
-   int c = b->length - b->ptr;
+   unsigned int c = b->length - b->ptr;
    int rc = 0;
    b->content = (char *) malloc(b->content_length + 8);
    if (c) memcpy(b->content, (b->data) + b->ptr, c);
@@ -692,7 +694,8 @@ static int doHttpRequest(CommHndl conn_f
    Buffer inBuf = { NULL, NULL, 0, 0, 0, 0, 0 ,0};
    RespSegments response;
    static RespSegments nullResponse = { NULL, 0, 0, NULL, { {0, NULL} } };
-   int len, hl, rc,uset=0;
+   unsigned long len;
+   int hl, rc,uset=0;
    char *hdr, *path;
    int discardInput=0;
    MsgSegment msgs[2];
@@ -711,7 +714,7 @@ static int doHttpRequest(CommHndl conn_f
    inBuf.authorization = "";
    inBuf.protocol="HTTP/1.1";
    inBuf.content_type = NULL;
-   inBuf.content_length = -1;
+   inBuf.content_length = UINT_MAX;
    inBuf.host = NULL;
    inBuf.useragent = "";
    int badReq = 0;
@@ -783,15 +786,29 @@ static int doHttpRequest(CommHndl conn_f
       else if (strncasecmp(hdr, "Content-Length:", 15) == 0) {
          cp = &hdr[15];
          cp += strspn(cp, " \t");
-         inBuf.content_length = atol(cp);
-         int maxLen;
-         getControlNum("httpMaxContentLength", &maxLen);
-         if((maxLen) && (inBuf.content_length > maxLen)) {
+         if (cp[0] == '-')
+         {
+            genError(conn_fd, &inBuf, 400, "Negative Content-Length", NULL);
+            _SFCB_TRACE(1, ("--- exiting: content-length too big"));      
+            commClose(conn_fd);
+            exit(1);
+         }
+         unsigned long clen = strtoul(cp, NULL, 0);
+         unsigned int maxLen;
+         if (getControlUNum("httpMaxContentLength", &maxLen) != 0)
+         {
+            genError(conn_fd, &inBuf, 501, "Server misconfigured (httpMaxContentLength)", NULL);
+            _SFCB_TRACE(1, ("--- exiting: bad config httpMaxContentLength"));      
+            commClose(conn_fd);
+            exit(1);
+         }
+         if((clen >= UINT_MAX) || ((maxLen) && (clen > maxLen))) {
             genError(conn_fd, &inBuf, 413, "Request Entity Too Large", NULL);
             _SFCB_TRACE(1, ("--- exiting: content-length too big"));      
             commClose(conn_fd);
             exit(1);
          }
+         inBuf.content_length = clen; 
       }
       else if (strncasecmp(hdr, "Content-Type:", 13) == 0) {
          cp = &hdr[13];
@@ -876,7 +893,7 @@ static int doHttpRequest(CommHndl conn_f
    }
 
    len = inBuf.content_length;
-   if (len < 0) {
+   if (len == UINT_MAX) {
      if (!discardInput) {
         genError(conn_fd, &inBuf, 411, "Length Required", NULL);
      }

Places

File 0270-max_content_length2.patch of Package sblim-sfcb

Places