[Bug 60375] New: Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter

Tue, 15 Nov 2016 07:44:27 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=60375

            Bug ID: 60375
           Summary: Apache httpd returns "200 OK" for a request exceeding
                    LimitRequestBody when enabling mod_ext_filter
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ext_filter
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Created attachment 34448
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34448&action=edit
Patch fixing the issue

Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when
enabling mod_ext_filter.

Version:
httpd-2.4.23

Steps to Reproduce:

1. Configure LimitRequestBody and mod_ext_filter:

    LimitRequestBody 100
    ExtFilterDefine testfilter mode=output cmd="/bin/sed s/foo/bar/g"
    SetOutputFilter testfilter

2. Prepare a test file which is larger than LimitRequestBody

    dd if=/dev/zero of=/tmp/testfile bs=1 count=101

3. Create testing page

    echo "HELLO" > /var/www/html/test.html 

4. Start httpd

    systemctl start httpd

5. Sent a POST request with the file 

    curl -X POST -v -s -T /tmp/testfile http://127.0.0.1/test.html


Actual results:

Apache httpd returns "200 OK"

~~~
$ curl -X POST -v -s -T /tmp/testfile 127.0.0.1/test.html
...
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> POST /test.html HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.47.1
> Accept: */*
> Content-Length: 101
> Expect: 100-continue
> 
< HTTP/1.1 200 OK
< Date: Tue, 15 Nov 2016 15:37:30 GMT
< Server: Apache/2.4.23 (Fedora)
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=UTF-8
< 
* Excess found in a non pipelined read: excess = 6 url = /test.html
(zero-length body)
* Closing connection 0
~~~


Expected results:

Apache httpd should return "413 Request Entity Too Large".



Attaching proposed patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to