parse_connection_headers(): report if client payload is too large.

Request payload with sizes larger than 16 EiB (exabytes) are technically valid, but cannot be processed by MHD. Now they are rejected with 413 HTTP code.
author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2021-11-24 17:07:42 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2021-11-24 21:55:57 +0300
commit: 385b4df1b9e8b5dc625debd38dc5c7e3538b89e0 (patch)
tree: ef2ab3c0501a9bc8504cd14a6b4683b360eef19b
parent: 06251c9017bc41e7bcf23fa86ebc835cda685a79 (diff)
download: libmicrohttpd-385b4df1b9e8b5dc625debd38dc5c7e3538b89e0.tar.gz
libmicrohttpd-385b4df1b9e8b5dc625debd38dc5c7e3538b89e0.zip
1 files changed, 33 insertions, 7 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 93b484e9..a009cddf 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -125,6 +125,17 @@
 #endif
 /**
+ * Response text used when the request HTTP content is too large.
+ */
+#ifdef HAVE_MESSAGES
+#define REQUEST_CONTENTLENGTH_TOOLARGE \
+  "<html><head><title>Request content too large</title></head>" \
+  "<body>Your HTTP request has too large value for <b>Content-Length</b> header.</body></html>"
+#else
+#define REQUEST_CONTENTLENGTH_TOOLARGE ""
+#endif
+/**
 * Response text used when the request HTTP chunked encoding is
 * malformed.
 */
@@ -3600,15 +3611,30 @@ parse_connection_headers (struct MHD_Connection *connection)
           (0 == num_digits) )
      {
        connection->remaining_upload_size = 0;
+        if ((0 == num_digits) &&
+            (0 != val_len) &&
+            ('0' <= clen[0]) && ('9' >= clen[0]))
+        {
 #ifdef HAVE_MESSAGES
-        MHD_DLOG (connection->daemon,
+          MHD_DLOG (connection->daemon,
-                  _ (
+                    _ ("Too large value of 'Content-Length' header. " \
-                    "Failed to parse `Content-Length' header. Closing connection.\n"));
+                       "Closing connection.\n"));
 #endif
-        transmit_error_response_static (connection,
+          transmit_error_response_static (connection,
-                                        MHD_HTTP_BAD_REQUEST,
+                                          MHD_HTTP_CONTENT_TOO_LARGE,
-                                        REQUEST_CONTENTLENGTH_MALFORMED);
+                                          REQUEST_CONTENTLENGTH_TOOLARGE);
-        return;
+        }
+        else
+        {
+#ifdef HAVE_MESSAGES
+          MHD_DLOG (connection->daemon,
+                    _ ("Failed to parse `Content-Length' header. " \
+                       "Closing connection.\n"));
+#endif
+          transmit_error_response_static (connection,
+                                          MHD_HTTP_BAD_REQUEST,
+                                          REQUEST_CONTENTLENGTH_MALFORMED);
+        }
      }
    }
  }
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2021-11-24 17:07:42 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2021-11-24 21:55:57 +0300
commit	385b4df1b9e8b5dc625debd38dc5c7e3538b89e0 (patch)
tree	ef2ab3c0501a9bc8504cd14a6b4683b360eef19b
parent	06251c9017bc41e7bcf23fa86ebc835cda685a79 (diff)
download	libmicrohttpd-385b4df1b9e8b5dc625debd38dc5c7e3538b89e0.tar.gz libmicrohttpd-385b4df1b9e8b5dc625debd38dc5c7e3538b89e0.zip

diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 93b484e9..a009cddf 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c
@@ -125,6 +125,17 @@
125	#endif	125	#endif
126		126
127	/**	127	/**
		128	* Response text used when the request HTTP content is too large.
		129	*/
		130	#ifdef HAVE_MESSAGES
		131	#define REQUEST_CONTENTLENGTH_TOOLARGE \
		132	"<html><head><title>Request content too large</title></head>" \
		133	"<body>Your HTTP request has too large value for <b>Content-Length</b> header.</body></html>"
		134	#else
		135	#define REQUEST_CONTENTLENGTH_TOOLARGE ""
		136	#endif
		137
		138	/**
128	* Response text used when the request HTTP chunked encoding is	139	* Response text used when the request HTTP chunked encoding is
129	* malformed.	140	* malformed.
130	*/	141	*/
@@ -3600,15 +3611,30 @@ parse_connection_headers (struct MHD_Connection *connection)
3600	(0 == num_digits) )	3611	(0 == num_digits) )
3601	{	3612	{
3602	connection->remaining_upload_size = 0;	3613	connection->remaining_upload_size = 0;
		3614	if ((0 == num_digits) &&
		3615	(0 != val_len) &&
		3616	('0' <= clen[0]) && ('9' >= clen[0]))
		3617	{
3603	#ifdef HAVE_MESSAGES	3618	#ifdef HAVE_MESSAGES
3604	MHD_DLOG (connection->daemon,	3619	MHD_DLOG (connection->daemon,
3605	_ (	3620	_ ("Too large value of 'Content-Length' header. " \
3606	"Failed to parse `Content-Length' header. Closing connection.\n"));	3621	"Closing connection.\n"));
3607	#endif	3622	#endif
3608	transmit_error_response_static (connection,	3623	transmit_error_response_static (connection,
3609	MHD_HTTP_BAD_REQUEST,	3624	MHD_HTTP_CONTENT_TOO_LARGE,
3610	REQUEST_CONTENTLENGTH_MALFORMED);	3625	REQUEST_CONTENTLENGTH_TOOLARGE);
3611	return;	3626	}
		3627	else
		3628	{
		3629	#ifdef HAVE_MESSAGES
		3630	MHD_DLOG (connection->daemon,
		3631	_ ("Failed to parse `Content-Length' header. " \
		3632	"Closing connection.\n"));
		3633	#endif
		3634	transmit_error_response_static (connection,
		3635	MHD_HTTP_BAD_REQUEST,
		3636	REQUEST_CONTENTLENGTH_MALFORMED);
		3637	}
3612	}	3638	}
3613	}	3639	}
3614	}	3640	}