From 63a715e125cd6ad24b672411b10946ff89d113fe Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 21 Feb 2011 23:25:13 -0500
Subject: [PATCH] Correctly detect and stop non-chunked http requests when the
 body is too long

Based on analysis and code from Bas Verhoeven and from
Constantine Verutin.
---
 http.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/http.c b/http.c
index 53b58b41..3b947aae 100644
--- a/http.c
+++ b/http.c
@@ -948,7 +948,9 @@ evhttp_read_body(struct evhttp_connection *evcon, struct evhttp_request *req)
 		evbuffer_remove_buffer(buf, req->input_buffer, n);
 	}
 
-	if (req->body_size > req->evcon->max_body_size) {
+	if (req->body_size > req->evcon->max_body_size ||
+	    (!req->chunked && req->ntoread >= 0 &&
+		(size_t)req->ntoread > req->evcon->max_body_size)) {
 		/* failed body length test */
 		event_debug(("Request body is too long"));
 		evhttp_connection_fail(evcon,