On 6/16/05, Zoran Vasiljevic <[EMAIL PROTECTED]> wrote: > > Am 16.06.2005 um 19:40 schrieb Vlad Seryakov: > > > It looks like maxpost just checks Content-Length: header, it is not > > hard limit like maxinput which limits the real memory buffer for > > uploaded content. > > > > As I see, the maxpost test can be easily dwarfed by somebody giving the > content-length of -1 (or less). In that case the code in SockRead() > at the line 1481 will just ignore the maxpost setting: > > s = Ns_SetIGet(reqPtr->headers, "content-length"); > if (s != NULL) { > reqPtr->length = atoi(s); > if (reqPtr->length < 0 > && reqPtr->length > sockPtr->drvPtr->servPtr- > >limits.maxpost) { > return SOCK_ERROR; > } > } > > See? If the content-length is set to some other meaningful value (>= > 0) then the > test is OK. But if not, then maxinput is really useless. > I would suggest we simply junk the maxpost knob and rely on the > maxinput only. > This will make life easier.
Yeah, this broken test looks redundant.