commit 0647901ef5ccccdd970cd3d63c4d09dde27a7175
parent 0c47574fe9e6ea2d585aa067a92404e4c4770b75
Author: Joris Vink <joris@coders.se>
Date: Fri, 8 Jan 2016 17:54:40 +0100
Improve http_body_max directive a bit.
Allow setting it to 0 which will disable HTTP requests
that have a body (POST/PUT).
Reduce default http_body_max to 1MB by default, 10MB seems large.
Revisiting this code was inspired by #100.
Diffstat:
5 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/conf/kore.conf.example b/conf/kore.conf.example
@@ -59,7 +59,8 @@ workers 4
# http_header_max Maximum size of HTTP headers (in bytes).
#
# http_body_max Maximum size of an HTTP body (in bytes).
-#
+# If set to 0 disallows requests with a body
+# all together.
# http_keepalive_time Maximum seconds an HTTP connection can be
# kept alive by the browser.
# (Set to 0 to disable keepalive completely).
@@ -71,7 +72,7 @@ workers 4
# http_request_limit Limit the number of requests Kore processes
# in a single event loop.
#http_header_max 4096
-#http_body_max 10240000
+#http_body_max 1024000
#http_keepalive_time 0
#http_hsts_enable 31536000
#http_request_limit 1000
diff --git a/includes/http.h b/includes/http.h
@@ -26,7 +26,7 @@ extern "C" {
#define HTTP_KEEPALIVE_TIME 20
#define HTTP_HSTS_ENABLE 31536000
#define HTTP_HEADER_MAX_LEN 4096
-#define HTTP_BODY_MAX_LEN 10240000
+#define HTTP_BODY_MAX_LEN 1024000
#define HTTP_URI_LEN 2000
#define HTTP_USERAGENT_LEN 256
#define HTTP_REQ_HEADER_MAX 25
diff --git a/includes/kore.h b/includes/kore.h
@@ -73,11 +73,11 @@ extern int daemon(int, int);
#define KORE_DEFAULT_CIPHER_LIST "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kRSA:!kDSA"
#if defined(KORE_DEBUG)
-#define kore_debug(fmt, ...) \
+#define kore_debug(...) \
if (kore_debug) \
- kore_debug_internal(__FILE__, __LINE__, fmt, ##__VA_ARGS__)
+ kore_debug_internal(__FILE__, __LINE__, ##__VA_ARGS__)
#else
-#define kore_debug(fmt, ...)
+#define kore_debug(...)
#endif
#define NETBUF_RECV 0
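Review bot: The debug-build `kore_debug(...)` on the new side is still a bare `if (kore_debug) ...` with no `do { } while (0)` wrapper, so a call written as `if (cond) kore_debug("x"); else other();` silently binds the `else` to the macro's internal `if`; the parameter change leaves that hazard in place. The only call site visible in this diff ends in a semicolon (`kore_debug("expected body but no content-length");` in src/http.c), so wrapping the expansion in a statement block is compatible with existing usage. Dropping the named `fmt` parameter also moves the format string into `__VA_ARGS__`; if `kore_debug_internal()` carries a `format(printf, 3, 4)` attribute (its prototype is not in this diff) `-Wformat` still checks arguments, otherwise nothing validates the format string against what follows it. The macro definitions are complete within the hunk.
```c
#if defined(KORE_DEBUG)
#define kore_debug(...)						\
	do {							\
		if (kore_debug)					\
			kore_debug_internal(__FILE__, __LINE__,	\
			    ##__VA_ARGS__);			\
	} while (0)
/* … unchanged: #else branch … */
```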
diff --git a/src/config.c b/src/config.c
@@ -536,7 +536,7 @@ configure_http_body_max(char **argv)
return (KORE_RESULT_ERROR);
}
- http_body_max = kore_strtonum(argv[1], 10, 1, LONG_MAX, &err);
+ http_body_max = kore_strtonum(argv[1], 10, 0, LONG_MAX, &err);
if (err != KORE_RESULT_OK) {
printf("bad http_body_max value: %s\n", argv[1]);
return (KORE_RESULT_ERROR);
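Review bot: Lowering the minimum accepted by `kore_strtonum()` to 0 gives `http_body_max` a second meaning (bodies disabled) that nothing at the parse site records, so a reader of configure_http_body_max() cannot tell whether 0 is deliberate or an off-by-one in the bound. Suggest a one-line comment above the call: `/* 0 is valid: it disables requests carrying a body, enforced in http_header_recv(). */`. The declaration of `http_body_max` is not in this diff; if it is narrower than `long`, the LONG_MAX upper bound would let an out-of-range value truncate silently on assignment, which is worth confirming while the bounds are being touched. configure_http_body_max() begins before the hunk.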
diff --git a/src/http.c b/src/http.c
@@ -591,6 +591,12 @@ http_header_recv(struct netbuf *nb)
}
if (req->flags & HTTP_REQUEST_EXPECT_BODY) {
+ if (http_body_max == 0) {
+ req->flags |= HTTP_REQUEST_DELETE;
+ http_error_response(req->owner, 405);
+ return (KORE_RESULT_OK);
+ }
+
if (!http_request_header(req, "content-length", &p)) {
kore_debug("expected body but no content-length");
req->flags |= HTTP_REQUEST_DELETE;
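Review bot: The new early-return has no comment explaining why a body-bearing request is answered with 405 and flagged HTTP_REQUEST_DELETE before Content-Length is even looked up; add `/* http_body_max 0 disables bodies: reject before parsing Content-Length so nothing is ever buffered for it. */` above the added `if`. Placing the check ahead of the content-length lookup on the following lines is the right spot, since a rejected request then never reaches body buffering. Whether body bytes the client has already sent are drained or the connection is closed depends on how HTTP_REQUEST_DELETE and http_error_response() are handled, which lies outside this hunk; if the connection were kept alive, leftover body bytes would be read as the start of the next request, so a close is the safer outcome and worth confirming. A 405 is expected to carry an Allow header per RFC 7231; if http_error_response() does not emit one, 413 may be the more accurate status for a size-limit rejection. http_header_recv() starts and ends outside the hunk.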