Re: /bzr/squid3/trunk/ r9766: Bug 2674: Remove limit on HTTP headers read.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 27 Jun 2009 16:26:14 +1200

Alex Rousskov wrote:
> On 06/26/2009 01:02 AM, Amos Jeffries wrote:
>> ------------------------------------------------------------
>> revno: 9766
>> committer: Amos Jeffries <squid3_at_treenet.co.nz>
>> branch nick: 3.HEAD
>> timestamp: Fri 2009-06-26 19:02:45 +1200
>> message:
>> Bug 2674: Remove limit on HTTP headers read.
>>
>> Headers may be accumulated over more than one read. It does not make
>> sense to limit the internal copy of the accumulated read buffer to 64KB.
>>
>> Reverts the internal read buffer to MemBuf defaults. This may cause
>> issues where headers are of unbounded size. But those are expected to be
>> caught by the header parser.
>> modified:
>> src/http.cc
>
> Hi Amos,
>
> FYI: I have seen Squid crash if request header size limit is set to
> "none" or a large value in squid.conf. There were several problems
> leading to those crashes, some of them having to do with header
> field->string conversions (String size limits are about 64K). Perhaps
> things changed in v3.1, but in v3.0 the header parser was not catching
> or could not catch all of the corner cases.
>
> One of the test cases is a forwarding loop with unlimited X-Forward-For
> growth.
>
> I am not saying the changes should be reverted. Just want to share the
> above info in case you start seeing crashes on large headers.
>
> HTH,
>
> Alex.

Ouch. Okay. Thank you.

Definitely no back-porting of this then. Not even to 3.1 since the
string fixups were Kinkies work intended for 3.2 when you have time to
audit the sringng patch.

There is still a MemBuf limit in affect here. It's just the 1GB one now
instead of 64KB.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.9
Received on Sat Jun 27 2009 - 04:26:21 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 27 2009 - 12:00:04 MDT