------------------------------------------------------------ revno: 9654 revision-id: squid3@treenet.co.nz-20090726102320-y5yi11rxjlv6ymis parent: squid3@treenet.co.nz-20090723132758-g3zuvidwk22f90j9 committer: Amos Jeffries branch nick: SQUID_3_1 timestamp: Sun 2009-07-26 22:23:20 +1200 message: Bug 2674: Remove limit on HTTP headers read. Headers may be accumulated over more than one read. It does not make sense to limit the internal copy of the accumulated read buffer to 64KB. Reverts the internal read buffer to MemBuf defaults. This may cause issues where headers are of unbounded size. But those are expected to be caught by the header parser. Check buffer limits before parsing and return error on all bad parse cases. No exceptions. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20090726102320-y5yi11rxjlv6ymis # target_branch: http://www.squid-cache.org/bzr/squid3/trunk/ # testament_sha1: 6cbc98f6f5e96b51e104c66af7a5eb07e87f799a # timestamp: 2009-07-26 10:41:34 +0000 # source_branch: http://www.squid-cache.org/bzr/squid3/trunk/ # base_revision_id: squid3@treenet.co.nz-20090723132758-\ # g3zuvidwk22f90j9 # # Begin patch === modified file 'src/HttpMsg.cc' --- src/HttpMsg.cc 2009-07-18 09:40:52 +0000 +++ src/HttpMsg.cc 2009-07-26 10:23:20 +0000 @@ -189,6 +189,7 @@ if (res == 0) { debugs(58, 2, "HttpMsg::parse: strange, need more data near '" << buf->content() << "'"); + *error = HTTP_INVALID_HEADER; return false; // but this should not happen due to headersEnd() above } === modified file 'src/client_side.cc' --- src/client_side.cc 2009-07-23 13:24:39 +0000 +++ src/client_side.cc 2009-07-26 10:23:20 +0000 @@ -1931,6 +1931,17 @@ /* pre-set these values to make aborting simpler */ *method_p = METHOD_NONE; + /* NP: don't be tempted to move this down or remove again. + * It's the only DDoS protection old-String has against long URL */ + if ( hp->bufsiz <= 0) { + debugs(33, 5, "Incomplete request, waiting for end of request line"); + return NULL; + } + else if ( (size_t)hp->bufsiz >= Config.maxRequestHeaderSize && headersEnd(hp->buf, Config.maxRequestHeaderSize) == 0) { + debugs(33, 5, "parseHttpRequest: Too large request"); + return parseHttpRequestAbort(conn, "error:request-too-large"); + } + /* Attempt to parse the first line; this'll define the method, url, version and header begin */ r = HttpParserParseReqLine(hp); === modified file 'src/http.cc' --- src/http.cc 2009-07-18 09:40:52 +0000 +++ src/http.cc 2009-07-26 10:23:20 +0000 @@ -84,7 +84,7 @@ surrogateNoStore = false; fd = fwd->server_fd; readBuf = new MemBuf; - readBuf->init(4096, SQUID_TCP_SO_RCVBUF); + readBuf->init(); orig_request = HTTPMSGLOCK(fwd->request); // reset peer response time stats for %