On 16.06.2005 at 19:40, Vlad Seryakov wrote:

It looks like maxpost just checks the Content-Length: header; it is not a hard limit like maxinput, which limits the real memory buffer for uploaded content.


As I see it, the maxpost test can be easily dwarfed by somebody giving a
content-length of -1 (or less). In that case the code in SockRead()
at line 1481 will just ignore the maxpost setting:

            s = Ns_SetIGet(reqPtr->headers, "content-length");
            if (s != NULL) {
                reqPtr->length = atoi(s);
                if (reqPtr->length < 0
                    && reqPtr->length > sockPtr->drvPtr->servPtr->limits.maxpost) {
                    return SOCK_ERROR;
                }
            }

See? If the content-length is set to some other meaningful value (>= 0) then the
test is OK. But if not, then maxinput is really useless.
I would suggest we simply junk the maxpost knob and rely on maxinput only.
This will make life easier.

Zoran
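
The negative Content-Length case described in the message above, as an added example that is not part of the original post or of the server's code: `check_quoted` reproduces the quoted condition with `atoi()`, and `check_strict` is one way to parse the header so that signed, non-numeric, overflowing and oversized values are all refused. The function names, the `SOCK_OK`/`SOCK_ERROR` values and the 4096-byte limit are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define SOCK_OK     0    /* hypothetical return codes for this example */
#define SOCK_ERROR (-1)

/* The condition as quoted in the message, with atoi() parsing. */
static int check_quoted(const char *s, int maxpost)
{
    int length = atoi(s);
    if (length < 0 && length > maxpost) {
        return SOCK_ERROR;
    }
    return SOCK_OK;
}

/* Strict parse: digits only, no sign, no overflow, within maxpost. */
static int check_strict(const char *s, long maxpost, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s < '0' || *s > '9') {
        return SOCK_ERROR;          /* empty, signed, or non-numeric */
    }
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > maxpost) {
        return SOCK_ERROR;          /* overflow, trailing junk, too large */
    }
    *out = v;
    return SOCK_OK;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "1024", "-1", "8192", "12abc" };
    long len = 0;
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-6s quoted=%d strict=%d\n", samples[i],
               check_quoted(samples[i], 4096),
               check_strict(samples[i], 4096, &len));
    }
    return 0;
}
```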
