mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00

mod_lua: Only read up to whatever the user defines as max size when using r:parsebody() - if content length is greater, return an error.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1572703 13f79535-47bb-0310-9956-ffa450edef68
Daniel Gruno
2014-02-27 19:10:55 +00:00
parent a65687806d
commit 760d584e2b


@@ -15,6 +15,8 @@
* limitations under the License.
*/
#include <mod_core.h>
#include "mod_lua.h"
#include "lua_apr.h"
#include "lua_dbd.h"
@@ -228,7 +230,8 @@ static int req_aprtable2luatable_cb_len(void *l, const char *key,
requests. Used for multipart POST data.
=======================================================================================================================
*/
static int lua_read_body(request_rec *r, const char **rbuf, apr_off_t *size)
static int lua_read_body(request_rec *r, const char **rbuf, apr_off_t *size,
apr_off_t *maxsize)
{
int rc = OK;
@@ -243,6 +246,9 @@ static int lua_read_body(request_rec *r, const char **rbuf, apr_off_t *size)
apr_off_t length = r->remaining;
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
if (maxsize != 0 && length > maxsize) {
return APR_EINCOMPLETE; /* Only room for incomplete data chunk :( */
}
*rbuf = (const char *) apr_pcalloc(r->pool, (apr_size_t) (length + 1));
*size = length;
while ((len_read = ap_get_client_block(r, argsbuffer, sizeof(argsbuffer))) > 0) {
@@ -336,7 +342,7 @@ static int req_parsebody(lua_State *L)
int i;
size_t vlen = 0;
size_t len = 0;
if (lua_read_body(r, &data, (apr_off_t*) &size) != OK) {
if (lua_read_body(r, &data, (apr_off_t*) &size, max_post_size) != OK) {
return 2;
}
len = strlen(multipart);
@@ -411,7 +417,7 @@ static int lua_ap_requestbody(lua_State *L)
if (!filename) {
const char *data;
if (lua_read_body(r, &data, &size) != OK)
if (lua_read_body(r, &data, &size, maxSize) != OK)
return (0);
lua_pushlstring(L, data, (size_t) size);
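Review bot: The new `maxsize` parameter of lua_read_body is declared as `apr_off_t *maxsize`, yet the added guard `if (maxsize != 0 && length > maxsize)` never dereferences it, so the size limit is enforced by comparing the offset `length` with a pointer. The two call sites pass `max_post_size` and `maxSize`, whose declarations lie outside the hunks; if those are plain `apr_off_t` values, as the names suggest, the parameter should be declared `apr_off_t maxsize` so the check compares like with like. A limit of 0 also skips the check entirely, so `apr_pcalloc(r->pool, (apr_size_t) (length + 1))` is then still sized from `r->remaining`, which presumably follows the request's declared content length; the function's header comment should state that 0 means "no limit" so callers choose it deliberately. The bodies of lua_read_body and of both callers continue outside the hunks.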