author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2021-11-24 17:07:42 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2021-11-24 21:55:57 +0300 |
commit | 385b4df1b9e8b5dc625debd38dc5c7e3538b89e0 (patch) | |
tree | ef2ab3c0501a9bc8504cd14a6b4683b360eef19b | |
parent | 06251c9017bc41e7bcf23fa86ebc835cda685a79 (diff) | |
download | libmicrohttpd-385b4df1b9e8b5dc625debd38dc5c7e3538b89e0.tar.gz libmicrohttpd-385b4df1b9e8b5dc625debd38dc5c7e3538b89e0.zip |
parse_connection_headers(): report if client payload is too large.
Request payloads with sizes larger than 16 EiB (exabytes) are technically
valid, but cannot be processed by MHD. Now they are rejected
with 413 HTTP code.
-rw-r--r-- | src/microhttpd/connection.c | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 93b484e9..a009cddf 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -125,6 +125,17 @@ | |||
125 | #endif | 125 | #endif |
126 | 126 | ||
127 | /** | 127 | /** |
128 | * Response text used when the request HTTP content is too large. | ||
129 | */ | ||
130 | #ifdef HAVE_MESSAGES | ||
131 | #define REQUEST_CONTENTLENGTH_TOOLARGE \ | ||
132 | "<html><head><title>Request content too large</title></head>" \ | ||
133 | "<body>Your HTTP request has too large value for <b>Content-Length</b> header.</body></html>" | ||
134 | #else | ||
135 | #define REQUEST_CONTENTLENGTH_TOOLARGE "" | ||
136 | #endif | ||
137 | |||
138 | /** | ||
128 | * Response text used when the request HTTP chunked encoding is | 139 | * Response text used when the request HTTP chunked encoding is |
129 | * malformed. | 140 | * malformed. |
130 | */ | 141 | */ |
@@ -3600,15 +3611,30 @@ parse_connection_headers (struct MHD_Connection *connection) | |||
3600 | (0 == num_digits) ) | 3611 | (0 == num_digits) ) |
3601 | { | 3612 | { |
3602 | connection->remaining_upload_size = 0; | 3613 | connection->remaining_upload_size = 0; |
3614 | if ((0 == num_digits) && | ||
3615 | (0 != val_len) && | ||
3616 | ('0' <= clen[0]) && ('9' >= clen[0])) | ||
3617 | { | ||
3603 | #ifdef HAVE_MESSAGES | 3618 | #ifdef HAVE_MESSAGES |
3604 | MHD_DLOG (connection->daemon, | 3619 | MHD_DLOG (connection->daemon, |
3605 | _ ( | 3620 | _ ("Too large value of 'Content-Length' header. " \ |
3606 | "Failed to parse `Content-Length' header. Closing connection.\n")); | 3621 | "Closing connection.\n")); |
3607 | #endif | 3622 | #endif |
3608 | transmit_error_response_static (connection, | 3623 | transmit_error_response_static (connection, |
3609 | MHD_HTTP_BAD_REQUEST, | 3624 | MHD_HTTP_CONTENT_TOO_LARGE, |
3610 | REQUEST_CONTENTLENGTH_MALFORMED); | 3625 | REQUEST_CONTENTLENGTH_TOOLARGE); |
3611 | return; | 3626 | } |
3627 | else | ||
3628 | { | ||
3629 | #ifdef HAVE_MESSAGES | ||
3630 | MHD_DLOG (connection->daemon, | ||
3631 | _ ("Failed to parse `Content-Length' header. " \ | ||
3632 | "Closing connection.\n")); | ||
3633 | #endif | ||
3634 | transmit_error_response_static (connection, | ||
3635 | MHD_HTTP_BAD_REQUEST, | ||
3636 | REQUEST_CONTENTLENGTH_MALFORMED); | ||
3637 | } | ||
3612 | } | 3638 | } |
3613 | } | 3639 | } |
3614 | } | 3640 | } |
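Review bot: The 413 branch at new lines 3614-3616 infers overflow from `0 == num_digits` combined with a leading ASCII digit, which holds only if the conversion that fills `num_digits` reports zero consumed characters when the value does not fit. That contract is not visible in this hunk and deserves a comment at the `if`, for example `/* digits present but none converted: value overflowed, not malformed */`. The change also replaces the old `return;` after `transmit_error_response_static()` with a closing brace, so both error paths now fall through to whatever follows the three closing braces. If any code does follow, restoring `return;` after each call would keep a rejected Content-Length from reaching further request handling. parse_connection_headers() starts before the hunk and its end is not shown.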