mod_ssl: Make the size of the per-dir-reneg request-body buffer

configurable, by popular demand: * modules/ssl/ssl_private.h: Define DEFAULT_RENEG_BUFFER_SIZE. (SSLDirConfigRec): Add nRenegBufferSize field. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLRenegBufferSize): New function. (ssl_config_perdir_create, ssl_config_perdir_merge): Handle nRenegBufferSize. * modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill): Take max buffer size as an argument rather than compile-time constant. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Pass nRenegBufferSize to ssl_io_buffer_fill. * modules/ssl/mod_ssl.c (ssl_config_cmds): Add SSLRenegBufferSize. PR: 39243 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@726109 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2008-12-12 20:20:40 +00:00
parent 6809bb4554
commit b06785833f
6 changed files with 47 additions and 12 deletions
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -601,8 +601,14 @@ int ssl_hook_Access(request_rec *r)
        && !r->expecting_100) {
        int rv;

-        /* Fill the I/O buffer with the request body if possible. */
-        rv = ssl_io_buffer_fill(r);
+        if (dc->nRenegBufferSize > 0) {
+            /* Fill the I/O buffer with the request body if possible. */
+            rv = ssl_io_buffer_fill(r, dc->nRenegBufferSize);
+        }
+        else {
+            /* If the reneg buffer size is set to zero, just fail. */
+            rv = HTTP_REQUEST_ENTITY_TOO_LARGE;
+        }

        if (rv) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,