dgaudet 98/08/09 09:57:29
Modified: src/include httpd.h
src/main http_protocol.c
Log:
Include everything in the limits, rather than having to remember to
add 2 to some of them... which leads to off-by-1 errors like one I just
committed. (I don't understand what the + 2 was all about. It doesn't
fit \r\n\0...)
Revision Changes Path
1.232 +2 -2 apache-1.3/src/include/httpd.h
Index: httpd.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -r1.231 -r1.232
--- httpd.h 1998/08/09 06:37:16 1.231
+++ httpd.h 1998/08/09 16:57:28 1.232
@@ -551,13 +551,13 @@
* LimitRequestFieldSize, and LimitRequestBody configuration directives.
*/
#ifndef DEFAULT_LIMIT_REQUEST_LINE
-#define DEFAULT_LIMIT_REQUEST_LINE 8190
+#define DEFAULT_LIMIT_REQUEST_LINE 8192
#endif /* default limit on bytes in Request-Line (Method+URI+HTTP-version) */
#ifndef DEFAULT_LIMIT_REQUEST_FIELDS
#define DEFAULT_LIMIT_REQUEST_FIELDS 100
#endif /* default limit on number of header fields */
#ifndef DEFAULT_LIMIT_REQUEST_FIELDSIZE
-#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8190
+#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8192
#endif /* default limit on bytes in any one field */
#ifndef DEFAULT_LIMIT_REQUEST_BODY
#define DEFAULT_LIMIT_REQUEST_BODY 33554432ul
1.234 +5 -5 apache-1.3/src/main/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- http_protocol.c 1998/08/09 16:52:31 1.233
+++ http_protocol.c 1998/08/09 16:57:29 1.234
@@ -635,7 +635,7 @@
pool *tmp;
tmp = ap_make_sub_pool(r->pool);
- l = ap_palloc(tmp, r->server->limit_req_line + 2);
+ l = ap_palloc(tmp, r->server->limit_req_line);
ll = l;
/* Read past empty lines until we get a real request line,
@@ -653,7 +653,7 @@
* have to block during a read.
*/
ap_bsetflag(conn->client, B_SAFEREAD, 1);
- while ((len = getline(l, r->server->limit_req_line + 2, conn->client,
0)) <= 0) {
+ while ((len = getline(l, r->server->limit_req_line, conn->client, 0)) <=
0) {
if ((len < 0) || ap_bgetflag(conn->client, B_EOF)) {
ap_bsetflag(conn->client, B_SAFEREAD, 0);
ap_destroy_pool(tmp);
@@ -764,7 +764,7 @@
arr = ap_make_array(tmp, 50, sizeof(mime_key));
order = 0;
- field = ap_palloc(tmp, r->server->limit_req_fieldsize + 2);
+ field = ap_palloc(tmp, r->server->limit_req_fieldsize);
/* If headers_in is non-empty (i.e. we're parsing a trailer) then
* we have to merge. Have I mentioned that I think this is a lame part
@@ -794,7 +794,7 @@
* Read header lines until we get the empty separator line, a read error,
* the connection closes (EOF), reach the server limit, or we timeout.
*/
- while ((len = getline(field, r->server->limit_req_fieldsize + 2,
+ while ((len = getline(field, r->server->limit_req_fieldsize,
c->client, 1)) > 0) {
if (++fields_read > r->server->limit_req_fields) {
@@ -804,7 +804,7 @@
ap_destroy_pool(tmp);
return;
}
- if (len >= r->server->limit_req_fieldsize + 1) {
+ if (len >= r->server->limit_req_fieldsize) {
r->status = HTTP_BAD_REQUEST;
ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool,
"Size of a request header field exceeds server limit.<P>\n"
