Skip to content

Commit 2bdbda9

Browse files
wlandrywlandry
committed
Properly limit the maximum size of the content and any processed posts or arguments. The default is unlimited.
1 parent 369707b commit 2bdbda9

File tree

3 files changed

+23
-12
lines changed

3 files changed

+23
-12
lines changed

src/httpserver/create_webserver.hpp

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ class create_webserver
5252
_max_threads(0),
5353
_max_connections(0),
5454
_memory_limit(0),
55-
_content_size_limit(0),
55+
_content_size_limit(static_cast<size_t>(-1)),
5656
_connection_timeout(DEFAULT_WS_TIMEOUT),
5757
_per_IP_connection_limit(0),
5858
_log_access(0x0),
@@ -94,7 +94,7 @@ class create_webserver
9494
_max_threads(0),
9595
_max_connections(0),
9696
_memory_limit(0),
97-
_content_size_limit(0),
97+
_content_size_limit(static_cast<size_t>(-1)),
9898
_connection_timeout(DEFAULT_WS_TIMEOUT),
9999
_per_IP_connection_limit(0),
100100
_log_access(0x0),

src/httpserver/http_request.hpp

Lines changed: 19 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -361,7 +361,7 @@ class http_request
361361
* Default constructor of the class. It is a specific responsibility of apis to initialize this type of objects.
362362
**/
363363
http_request():
364-
content("")
364+
content(""), content_size_limit(static_cast<size_t>(-1))
365365
{
366366
}
367367
/**
@@ -381,6 +381,7 @@ class http_request
381381
args(b.args),
382382
querystring(b.querystring),
383383
content(b.content),
384+
content_size_limit(b.content_size_limit),
384385
version(b.version),
385386
requestor(b.requestor),
386387
underlying_connection(b.underlying_connection)
@@ -398,6 +399,7 @@ class http_request
398399
std::map<std::string, std::string, http::arg_comparator> args;
399400
std::string querystring;
400401
std::string content;
402+
size_t content_size_limit;
401403
std::string version;
402404
std::string requestor;
403405

@@ -442,7 +444,7 @@ class http_request
442444
**/
443445
void set_arg(const std::string& key, const std::string& value)
444446
{
445-
this->args[key] = value;
447+
this->args[key] = value.substr(0,content_size_limit);
446448
}
447449
/**
448450
* Method used to set an argument value by key.
@@ -452,29 +454,37 @@ class http_request
452454
**/
453455
void set_arg(const char* key, const char* value, size_t size)
454456
{
455-
this->args[key] = std::string(value, size);
457+
this->args[key] = std::string(value,
458+
std::min(size, content_size_limit));
456459
}
457460
/**
458461
* Method used to set the content of the request
459462
* @param content The content to set.
460463
**/
461464
void set_content(const std::string& content)
462465
{
463-
this->content = content;
466+
this->content = content.substr(0,content_size_limit);
467+
}
468+
/**
469+
* Method used to set the maximum size of the content
470+
* @param content_size_limit The limit on the maximum size of the content and arg's.
471+
**/
472+
void set_content_size_limit(size_t content_size_limit)
473+
{
474+
this->content_size_limit = content_size_limit;
464475
}
465476
/**
466477
* Method used to append content to the request preserving the previous inserted content
467478
* @param content The content to append.
468479
* @param size The size of the data to append.
469480
**/
470-
void grow_content(const char* content, size_t size,
471-
size_t content_size_limit)
481+
void grow_content(const char* content, size_t size)
472482
{
473483
this->content.append(content, size);
474484
if (this->content.size() > content_size_limit)
475-
{
485+
{
476486
this->content.resize (content_size_limit);
477-
}
487+
}
478488
}
479489
/**
480490
* Method used to set the path requested.
@@ -565,7 +575,7 @@ class http_request
565575
{
566576
std::map<std::string, std::string>::const_iterator it;
567577
for(it = args.begin(); it != args.end(); ++it)
568-
this->args[it->first] = it->second;
578+
this->args[it->first] = it->second.substr(0,content_size_limit);
569579
}
570580
/**
571581
* Method used to set the username of the request.

src/webserver.cpp

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -655,6 +655,7 @@ int webserver::bodyfull_requests_answer_first_step(
655655
{
656656
mr->second = true;
657657
mr->dhr = new http_request();
658+
mr->dhr->set_content_size_limit(content_size_limit);
658659
const char *encoding = MHD_lookup_connection_value (
659660
connection,
660661
MHD_HEADER_KIND,
@@ -699,7 +700,7 @@ int webserver::bodyfull_requests_answer_second_step(
699700
#ifdef DEBUG
700701
cout << "Writing content: " << upload_data << endl;
701702
#endif //DEBUG
702-
mr->dhr->grow_content(upload_data, *upload_data_size, content_size_limit);
703+
mr->dhr->grow_content(upload_data, *upload_data_size);
703704

704705
if (mr->pp != NULL) MHD_post_process(mr->pp, upload_data, *upload_data_size);
705706
*upload_data_size = 0;

0 commit comments

Comments
 (0)