cvs commit: apache-1.3/src/main http_config.c http_protocol.c
fielding98/08/08 23:37:19 Modified:src CHANGES src/include http_config.h httpd.h src/main http_config.c http_protocol.c Log: Added default limits for various aspects of reading a client request to avoid some simple denial of service attacks, including limits on maximum request-line size, number of header fields, size of any one header field, and size of the request message body. Bumped MMN for addition of limit_req_line, limit_req_fields, limit_req_fieldsize and limit_req_body variables to server_rec. Revision ChangesPath 1.1012+6 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1011 retrieving revision 1.1012 diff -u -r1.1011 -r1.1012 --- CHANGES 1998/08/08 13:26:04 1.1011 +++ CHANGES 1998/08/09 06:37:12 1.1012 @@ -1,5 +1,11 @@ Changes with Apache 1.3.2 + *) SECURITY: Added default limits for various aspects of reading a + client request to avoid some simple denial of service attacks, + including limits on maximum request-line size, number of header + fields, size of any one header field, and size of the request + message body. [Roy Fielding] + *) Make status module aware of DNS and logging states, even if STATUS not defined. [Jim Jagielski] 1.92 +1 -1 apache-1.3/src/include/http_config.h Index: http_config.h === RCS file: /home/cvs/apache-1.3/src/include/http_config.h,v retrieving revision 1.91 retrieving revision 1.92 diff -u -r1.91 -r1.92 --- http_config.h 1998/08/06 17:30:23 1.91 +++ http_config.h 1998/08/09 06:37:15 1.92 
@@ -275,7 +275,7 @@ * handle it back-compatibly, or at least signal an error). */ -#define MODULE_MAGIC_NUMBER 19980806 +#define MODULE_MAGIC_NUMBER 19980808 #define STANDARD_MODULE_STUFF MODULE_MAGIC_NUMBER, -1, __FILE__, NULL, NULL /* Generic accessors for other modules to get at their own module-specific 1.231 +29 -2 apache-1.3/src/include/httpd.h Index: httpd.h === RCS file: /home/cvs/apache-1.3/src/include/httpd.h,v retrieving revision 1.230 retrieving revision 1.231 diff -u -r1.230 -r1.231 --- httpd.h 1998/08/06 19:13:52 1.230 +++ httpd.h 1998/08/09 06:37:16 1.231 
@@ -541,6 +541,28 @@ #define REQUEST_CHUNKED_DECHUNK 2 #define REQUEST_CHUNKED_PASS 3 +/* Limits on the size of various request items. These limits primarily + * exist to prevent simple denial-of-service attacks on a server based + * on misuse of the protocol. The recommended values will depend on the + * nature of the server resources -- CGI scripts and database backends + * might require large values, but most servers could get by with much + * smaller limits than we use below. These limits can be reset on a + * per-server basis using the LimitRequestLine, LimitRequestFields, + * LimitRequestFieldSize, and LimitRequestBody configuration directives. + */ +#ifndef DEFAULT_LIMIT_REQUEST_LINE +#define DEFAULT_LIMIT_REQUEST_LINE 8190 +#endif /* default limit on bytes in Request-Line (Method+URI+HTTP-version) */ +#ifndef DEFAULT_LIMIT_REQUEST_FIELDS +#define DEFAULT_LIMIT_REQUEST_FIELDS 100 +#endif /* default limit on number of header fields */ +#ifndef DEFAULT_LIMIT_REQUEST_FIELDSIZE +#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8190 +#endif /* default limit on bytes in any one field */ +#ifndef DEFAULT_LIMIT_REQUEST_BODY +#define DEFAULT_LIMIT_REQUEST_BODY 33554432ul +#endif /* default limit on bytes in request body */ + /* Things which may vary per file-lookup WITHIN a request --- * e.g., state of MIME config. Basically, the name of an object, info * about the object, and any other info we may ahve which may need to 
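Review bot: The comment above the `DEFAULT_LIMIT_*` defines never states what the defaults add up to per request, nor whether a value of 0 disables a limit. With the values shown, one request may carry 100 header fields of 8190 bytes each (about 800 KB) plus a 33554432-byte (32 MB) body, and an operator sizing memory needs that figure. I would add to the block comment something like `* With the defaults a single request may hold ~800 KB of header fields and a 32 MB body.` and a sentence on the meaning of 0. The trailing comments sit after each `#endif` rather than on the `#define` they describe, which reads as if they annotate the conditional. Because every value is wrapped in `#ifndef`, a build-time `-D` override is accepted unchecked, which the comment should also mention.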
@@ -821,9 +843,14 @@ array_header *names; /* Normal names for ServerAlias servers */ array_header *wild_names;/* Wildcarded names for ServerAlias servers */ + +uid_t server_uid;/* effective user id when calling exec wrapper */ +gid_t server_gid;/* effective group id when calling exec wrapper */ -uid_t server_uid;/* effective user id when calling exec wrapper */ -gid_t server_gid;/* effective group id when calling exec wrapper */ +unsigned int limit_req_line; /* limit on bytes in Request-Line */ +unsigned int limit_req_fields;/* limit on number of header fields */ +unsigned long limit_req_fieldsize; /* limit on bytes in any one field */ +unsigned long limit_req_body; /* limit on bytes in request body */ }; /* These a
cvs commit: apache-1.3/src/main http_config.c http_protocol.c
fielding98/09/25 15:45:01 Modified:src/main http_config.c http_protocol.c Log: Fix warnings and add error-notes to HTTP_REQUEST_URI_TOO_LARGE. Revision ChangesPath 1.131 +4 -1 apache-1.3/src/main/http_config.c Index: http_config.c === RCS file: /home/cvs/apache-1.3/src/main/http_config.c,v retrieving revision 1.130 retrieving revision 1.131 diff -u -r1.130 -r1.131 --- http_config.c 1998/09/25 15:42:12 1.130 +++ http_config.c 1998/09/25 22:45:00 1.131 @@ -1229,7 +1229,10 @@ filename = ap_make_full_path(r->pool, d, w); f = ap_pcfg_openfile(r->pool, filename); } -if (f) { +if (!access_name[0]) { + dc = NULL; +} +else if (f) { dc = ap_create_per_dir_config(r->pool); parms.config_file = f; 1.241 +7 -4 apache-1.3/src/main/http_protocol.c Index: http_protocol.c === RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.240 retrieving revision 1.241 diff -u -r1.240 -r1.241 --- http_protocol.c 1998/09/25 12:27:05 1.240 +++ http_protocol.c 1998/09/25 22:45:00 1.241 @@ -2158,7 +2158,7 @@ case BAD_REQUEST: ap_bputs("Your browser sent a request that\n", fd); ap_bputs("this server could not understand.\n", fd); - if (error_notes = ap_table_get(r->notes, "error-notes") != NULL) { + if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { ap_bvputs(fd, error_notes, "\n", NULL); } break; @@ -2195,7 +2195,7 @@ case LENGTH_REQUIRED: ap_bvputs(fd, "A request of the requested method ", r->method, " requires a valid Content-length.\n", NULL); - if (error_notes = ap_table_get(r->notes, "error-notes") != NULL) { + if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { ap_bvputs(fd, error_notes, "\n", NULL); } break; 
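Review bot: The new `if (!access_name[0])` test in the http_config.c hunk runs before `if (f)`, so a file that was opened successfully can be skipped. The loop that fills `w` and `f` starts above the hunk; if it consumes `access_name` as it extracts each name (not visible here), then opening the last or only configured name leaves `access_name` empty, `dc` becomes NULL, and the per-directory file is neither parsed nor closed, so its access restrictions would silently not apply. Testing the handle first avoids that: keep `if (f) {` as the first branch and add `else if (!access_name[0]) { dc = NULL; }` after it. The rest of the else chain lies outside the hunk, so confirm that an empty name list still ends on the `dc = NULL` path.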
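Review bot: In the http_protocol.c hunks at 2158 and 2195 (and again at 2238 and 2263), `error_notes` is written into the error response body with `ap_bvputs` without any escaping. Before this change `error_notes` received the result of the `!= NULL` comparison, so the corrected parentheses are what make the note text reach the client at all. Where the notes are set is not visible here; if any of them embeds request-derived text, it would be rendered by the browser as markup. If the notes are plain text, `ap_bvputs(fd, ap_escape_html(r->pool, error_notes), "\n", NULL);` neutralises that, and if they intentionally carry markup, the code that sets them has to escape client data instead.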
@@ -2238,7 +2238,10 @@ break; case HTTP_REQUEST_URI_TOO_LARGE: ap_bputs("The requested URL's length exceeds the capacity\n", fd); - ap_bputs("limit for this server.\n", fd); + ap_bputs("limit for this server.\n", fd); + if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { + ap_bvputs(fd, error_notes, "\n", NULL); + } break; case HTTP_UNSUPPORTED_MEDIA_TYPE: ap_bputs("The supplied request data is not in a format\n", fd); @@ -2263,7 +2266,7 @@ ap_bputs(" and inform them of the time the error occurred,\n", fd); ap_bputs("and anything you might have done that may have\n", fd); ap_bputs("caused the error.\n", fd); - if (error_notes = ap_table_get(r->notes, "error-notes") != NULL) { + if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { ap_bvputs(fd, error_notes, "\n", NULL); } break;
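Review bot: The three-line `error-notes` lookup-and-print added under `HTTP_REQUEST_URI_TOO_LARGE` is the fourth copy of the same idiom in this switch, and the other three copies all carried the precedence bug this commit fixes. A small static helper taking `r` and `fd`, called from each case, would keep the assignment-in-condition in one place and give a single spot for any later output handling of the note text. The switch begins and ends outside these hunks, so other cases may need the same call.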