dgaudet 98/08/09 09:57:29
Modified: src/include httpd.h src/main http_protocol.c Log: Include everything in the limits, rather than having to remember to add 2 to some of them... which leads to off-by-1 errors like one I just committed. (I don't understand what the + 2 was all about. It doesn't fit \r\n\0...) Revision Changes Path 1.232 +2 -2 apache-1.3/src/include/httpd.h Index: httpd.h =================================================================== RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v retrieving revision 1.231 retrieving revision 1.232 diff -u -r1.231 -r1.232 --- httpd.h 1998/08/09 06:37:16 1.231 +++ httpd.h 1998/08/09 16:57:28 1.232 @@ -551,13 +551,13 @@ * LimitRequestFieldSize, and LimitRequestBody configuration directives. */ #ifndef DEFAULT_LIMIT_REQUEST_LINE -#define DEFAULT_LIMIT_REQUEST_LINE 8190 +#define DEFAULT_LIMIT_REQUEST_LINE 8192 #endif /* default limit on bytes in Request-Line (Method+URI+HTTP-version) */ #ifndef DEFAULT_LIMIT_REQUEST_FIELDS #define DEFAULT_LIMIT_REQUEST_FIELDS 100 #endif /* default limit on number of header fields */ #ifndef DEFAULT_LIMIT_REQUEST_FIELDSIZE -#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8190 +#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8192 #endif /* default limit on bytes in any one field */ #ifndef DEFAULT_LIMIT_REQUEST_BODY #define DEFAULT_LIMIT_REQUEST_BODY 33554432ul 1.234 +5 -5 apache-1.3/src/main/http_protocol.c Index: http_protocol.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.233 retrieving revision 1.234 diff -u -r1.233 -r1.234 --- http_protocol.c 1998/08/09 16:52:31 1.233 +++ http_protocol.c 1998/08/09 16:57:29 1.234 @@ -635,7 +635,7 @@ pool *tmp; tmp = ap_make_sub_pool(r->pool); - l = ap_palloc(tmp, r->server->limit_req_line + 2); + l = ap_palloc(tmp, r->server->limit_req_line); ll = l; /* Read past empty lines until we get a real request line, 
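Review bot: The trailing comments on the two changed `#endif` lines in the httpd.h hunk still describe the constants as limits on request bytes, but per the commit message the values now "include everything", so the usable length is smaller than the number shown. I would reword them, e.g. `/* default Request-Line buffer size, including line terminator and NUL */` and `/* default buffer size for any one field, including line terminator and NUL */`. If the LimitRequestLine and LimitRequestFieldSize directives named in the comment above feed the same fields, an explicitly configured value now gives a slightly tighter limit than before, which deserves a line in the directive documentation.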
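Review bot: Dropping the `+ 2` from the `ap_palloc` call in the @@ -635 hunk removes the two-byte floor the buffer used to have, so a configured `limit_req_line` of 0 or 1 now yields a buffer with no room for any data; the same holds for `field` in the @@ -764 hunk. Whether the directive handlers reject such values is not visible in this diff; if they do not, a lower bound should be enforced where the limit is set, or the allocation guarded here. A short comment such as `/* limit_req_line already includes room for the line terminator and NUL */` would also make the new sizing convention explicit at the call site. The enclosing function begins and ends outside the hunk.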
@@ -653,7 +653,7 @@ * have to block during a read. */ ap_bsetflag(conn->client, B_SAFEREAD, 1); - while ((len = getline(l, r->server->limit_req_line + 2, conn->client, 0)) <= 0) { + while ((len = getline(l, r->server->limit_req_line, conn->client, 0)) <= 0) { if ((len < 0) || ap_bgetflag(conn->client, B_EOF)) { ap_bsetflag(conn->client, B_SAFEREAD, 0); ap_destroy_pool(tmp); @@ -764,7 +764,7 @@ arr = ap_make_array(tmp, 50, sizeof(mime_key)); order = 0; - field = ap_palloc(tmp, r->server->limit_req_fieldsize + 2); + field = ap_palloc(tmp, r->server->limit_req_fieldsize); /* If headers_in is non-empty (i.e. we're parsing a trailer) then * we have to merge. Have I mentioned that I think this is a lame part @@ -794,7 +794,7 @@ * Read header lines until we get the empty separator line, a read error, * the connection closes (EOF), reach the server limit, or we timeout. */ - while ((len = getline(field, r->server->limit_req_fieldsize + 2, + while ((len = getline(field, r->server->limit_req_fieldsize, c->client, 1)) > 0) { if (++fields_read > r->server->limit_req_fields) { @@ -804,7 +804,7 @@ ap_destroy_pool(tmp); return; } - if (len >= r->server->limit_req_fieldsize + 1) { + if (len >= r->server->limit_req_fieldsize) { r->status = HTTP_BAD_REQUEST; ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool, "Size of a request header field exceeds server limit.<P>\n"
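Review bot: The overflow test `if (len >= r->server->limit_req_fieldsize)` in the @@ -804 hunk may no longer be reachable, because the `getline` call in the @@ -794 hunk is now passed that same value as its buffer size. If `getline` follows the usual convention of storing at most n-1 bytes plus a NUL (its body is outside this diff, so this needs confirming), the largest `len` it can return is `limit_req_fieldsize - 1`, and an over-long field would be split and parsed as further header lines instead of being rejected with HTTP_BAD_REQUEST. In that case the comparison should read `if (len >= r->server->limit_req_fieldsize - 1) {`, or the old `+ 2` sizing should be kept for both the buffer and the read. The Request-Line read in the @@ -653 hunk is resized the same way and no length check on it is visible here, so truncation of the request line should be checked as well.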