Project

General

Profile

Bug #2131

max-request-size comparing mistake

Added by liming about 7 years ago. Updated 9 months ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2009-12-30
Due date:
% Done:

100%

Missing in 1.5.x:
No

Description

There is a bug in request.c line 577:

573     /* check if we have read post data */
574     if (con->request.content_length != -1) {
575         /* divide by 1024 as srvconf.max_request_size is in kBytes */
576         if (srv->srvconf.max_request_size != 0 &&
577             ((size_t)(con->request.content_length >> 10)) > srv->srvconf.max_request_size) {
578             /* the request body itself is larger then
579              * our our max_request_size
580              */
581 
582             con->http_status = 413;
583             con->keep_alive = 0;
584 

if server.max-request-size = 1, client sends a post request with content-length: 1300 (>1024) , it will pass.

I think the condition should be "con->request.content_length > (srv->srvconf.max_request_size << 10)"

request.patch View (529 Bytes) liming, 2009-12-30 08:42

Associated revisions

Revision 28841bfc (diff)
Added by gstrauss 9 months ago

[core] fix server.max-request-size to be precise (fixes #2131)

(previously would allow up to 1k data above configured limit)

x-ref:
"max-request-size comparing mistake"
https://redmine.lighttpd.net/issues/2131

History

#1 Updated by liming about 7 years ago

this patch is for lighttpd 1.5 core

#2 Updated by stbuehler about 7 years ago

  • Target version set to 1.5.0

#3 Updated by gstrauss about 1 year ago

lighttpd 1.4 request.c contains the following (after checking srv->srvconf.max_request_size is non-zero)

(con->request.content_length >> 10) > srv->srvconf.max_request_size)

1.5.x branch has been abandoned. Please withdraw ticket.

#4 Updated by stbuehler about 1 year ago

gstrauss wrote:

1.5.x branch has been abandoned. Please withdraw ticket.

As long as the target version is 1.5.0 those issues are fine for now; I could probably close them in one go, perhaps adding a new Status "Not supported anymore" or something like that for it.

#5 Updated by gstrauss 9 months ago

  • Category set to core
  • Target version changed from 1.5.0 to 1.4.40

@liming: you are correct, this is a minor bug. It allows up to 1k more data than the configured limit

A patch is staged which makes server.max-request-size more precise. Thanks for your report.

#6 Updated by gstrauss 9 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom