On 6/16/05, Zoran Vasiljevic <[EMAIL PROTECTED]> wrote:
>
> Am 16.06.2005 um 19:40 schrieb Vlad Seryakov:
>
> > It looks like maxpost just checks Content-Length: header, it is not
> > hard limit like maxinput which limits the real memory buffer for
> > uploaded content.
> >
>
> As I see, the maxpost test can be easily dwarfed by somebody giving the
> content-length of -1 (or less). In that case the code in SockRead()
> at the line 1481 will just ignore the maxpost setting:
>
> s = Ns_SetIGet(reqPtr->headers, "content-length");
> if (s != NULL) {
> reqPtr->length = atoi(s);
> if (reqPtr->length < 0
> && reqPtr->length > sockPtr->drvPtr->servPtr-
> >limits.maxpost) {
> return SOCK_ERROR;
> }
> }
>
> See? If the content-length is set to some other meaningful value (>=
> 0) then the
> test is OK. But if not, then maxinput is really useless.
> I would suggest we simply junk the maxpost knob and rely on the
> maxinput only.
> This will make life easier.
Yeah, this broken test looks redundant.
