cuberite/libevent
1
0
Fork 0
mirror of https://github.com/cuberite/libevent.git synced 2025-09-19 01:04:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

Reject overlong http requests early when Expect:100-continue is set

Browse Source
This commit is contained in:
Constantine Verutin 2010-12-07 11:43:52 -05:00 committed by Nick Mathewson
parent c0bf63cecb
commit d23839fc6e
3 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
http.c
View File

@ -1846,6 +1846,11 @@ evhttp_get_body(struct evhttp_connection *evcon, struct evhttp_request *req)
no, we should respond with an error. For no, we should respond with an error. For
now, just optimistically tell the client to now, just optimistically tell the client to
send their message body. */ send their message body. */
if (req->ntoread > req->evcon->max_body_size) {
evhttp_send_error(req, HTTP_ENTITYTOOLARGE,
NULL);
return;
}
if (!evbuffer_get_length(bufferevent_get_input(evcon->bufev))) if (!evbuffer_get_length(bufferevent_get_input(evcon->bufev)))
evhttp_send_continue(evcon, req); evhttp_send_continue(evcon, req);
} else { } else {

1
include/event2/http.h
View File

@ -58,6 +58,7 @@ struct event_base;
#define HTTP_BADREQUEST 400 /**< invalid http request was made */ #define HTTP_BADREQUEST 400 /**< invalid http request was made */
#define HTTP_NOTFOUND 404 /**< could not find content for uri */ #define HTTP_NOTFOUND 404 /**< could not find content for uri */
#define HTTP_BADMETHOD 405 /**< method not allowed for this uri */ #define HTTP_BADMETHOD 405 /**< method not allowed for this uri */
#define HTTP_ENTITYTOOLARGE 413 /**< */
#define HTTP_EXPECTATIONFAILED 417 /**< we can't handle this expectation */ #define HTTP_EXPECTATIONFAILED 417 /**< we can't handle this expectation */
#define HTTP_INTERNAL 500 /**< internal error */ #define HTTP_INTERNAL 500 /**< internal error */
#define HTTP_NOTIMPLEMENTED 501 /**< not implemented */ #define HTTP_NOTIMPLEMENTED 501 /**< not implemented */

18
test/regress_http.c
View File

@ -3273,6 +3273,15 @@ end:
event_base_loopexit(arg, NULL); event_base_loopexit(arg, NULL);
} }
static void
http_large_entity_test_done(struct evhttp_request *req, void *arg)
{
tt_assert(req);
tt_int_op(evhttp_request_get_response_code(req), ==, HTTP_ENTITYTOOLARGE);
end:
event_base_loopexit(arg, NULL);
}
static void static void
http_data_length_constraints_test(void *arg) http_data_length_constraints_test(void *arg)
{ {
@ -3331,6 +3340,15 @@ http_data_length_constraints_test(void *arg)
} }
event_base_dispatch(data->base); event_base_dispatch(data->base);
req = evhttp_request_new(http_large_entity_test_done, data->base);
evhttp_add_header(evhttp_request_get_output_headers(req), "Host", "somehost");
evhttp_add_header(evhttp_request_get_output_headers(req), "Expect", "100-continue");
evbuffer_add_printf(evhttp_request_get_output_buffer(req), "%s", long_str);
if (evhttp_make_request(evcon, req, EVHTTP_REQ_POST, "/") == -1) {
tt_abort_msg("Couldn't make request");
}
event_base_dispatch(data->base);
test_ok = 1; test_ok = 1;
end: end:
if (evcon) if (evcon)