cuberite/libevent
1
0
Fork 0
mirror of https://github.com/cuberite/libevent.git synced 2025-09-09 12:28:19 -04:00
Code Issues Packages Projects Releases Wiki Activity

Correctly detect and stop non-chunked http requests when the body is too long

Browse Source 
Based on analysis and code from Bas Verhoeven and from
Constantine Verutin.
This commit is contained in:
Nick Mathewson 2011-02-21 23:25:13 -05:00
parent deb2f73879
commit 63a715e125
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
http.c
View File

@ -948,7 +948,9 @@ evhttp_read_body(struct evhttp_connection *evcon, struct evhttp_request *req)
evbuffer_remove_buffer(buf, req->input_buffer, n);
}
if (req->body_size > req->evcon->max_body_size) {
if (req->body_size > req->evcon->max_body_size ||
(!req->chunked && req->ntoread >= 0 &&
(size_t)req->ntoread > req->evcon->max_body_size)) {
/* failed body length test */
event_debug(("Request body is too long"));
evhttp_connection_fail(evcon,