diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-07-30 11:44:53 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-07-30 11:44:53 +0100 |
| commit | f58e36df4d8e262134dc145bb08757928fa774a9 (patch) | |
| tree | 09457a0819aaa5072e7d4ca50fe9783a3600e999 /src/libutil | |
| parent | 7d8e0702811eeaf4ca86c17b3c378be37c43b7eb (diff) | |
| download | rspamd-f58e36df4d8e262134dc145bb08757928fa774a9.tar.gz rspamd-f58e36df4d8e262134dc145bb08757928fa774a9.zip | |
[Feature] Allow limiting of the inbound message size
- Set default limit to 50MB
- Reply even in case of HTTP errors
Diffstat (limited to 'src/libutil')
| -rw-r--r-- | src/libutil/http.c | 39 | ||||
| -rw-r--r-- | src/libutil/http.h | 6 | ||||
| -rw-r--r-- | src/libutil/util.c | 2 |
3 files changed, 43 insertions, 4 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c index dd3302ee3..03d28db77 100644 --- a/src/libutil/http.c +++ b/src/libutil/http.c @@ -39,7 +39,8 @@ struct _rspamd_http_privbuf { enum rspamd_http_priv_flags { RSPAMD_HTTP_CONN_FLAG_ENCRYPTED = 1 << 0, RSPAMD_HTTP_CONN_FLAG_NEW_HEADER = 1 << 1, - RSPAMD_HTTP_CONN_FLAG_RESETED = 1 << 2 + RSPAMD_HTTP_CONN_FLAG_RESETED = 1 << 2, + RSPAMD_HTTP_CONN_FLAG_TOO_LARGE = 1 << 3, }; #define IS_CONN_ENCRYPTED(c) ((c)->flags & RSPAMD_HTTP_CONN_FLAG_ENCRYPTED) @@ -101,6 +102,7 @@ static const rspamd_ftok_t last_modified_header = { .begin = "Last-Modified", .len = 13 }; +static gsize rspamd_http_global_max_size = 0; static void rspamd_http_message_storage_cleanup (struct rspamd_http_message *msg); static gboolean rspamd_http_message_grow_body (struct rspamd_http_message *msg, @@ -615,6 +617,14 @@ rspamd_http_on_headers_complete (http_parser * parser) priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_NEW_HEADER; } + if (conn->type == RSPAMD_HTTP_SERVER && + rspamd_http_global_max_size > 0 && + parser->content_length > rspamd_http_global_max_size) { + /* Too large message */ + priv->flags |= RSPAMD_HTTP_CONN_FLAG_TOO_LARGE; + return -1; + } + if (!rspamd_http_message_set_body (msg, NULL, parser->content_length)) { return -1; } @@ -653,6 +663,14 @@ rspamd_http_on_body (http_parser * parser, const gchar *at, size_t length) pbuf = priv->buf; p = at; + if (conn->type == RSPAMD_HTTP_SERVER && + rspamd_http_global_max_size > 0 && + msg->body_buf.len + length > rspamd_http_global_max_size) { + /* Body length overflow */ + priv->flags |= RSPAMD_HTTP_CONN_FLAG_TOO_LARGE; + return -1; + } + if (!pbuf->zc_buf) { if (!rspamd_http_message_append_body (msg, at, length)) { return -1; @@ -1077,9 +1095,16 @@ rspamd_http_event_handler (int fd, short what, gpointer ud) if (r > 0) { if (http_parser_execute (&priv->parser, &priv->parser_cb, d, r) != (size_t)r || priv->parser.http_errno != 0) { - err = g_error_new (HTTP_ERROR, priv->parser.http_errno, - "HTTP parser error: %s", - http_errno_description (priv->parser.http_errno)); + if (priv->flags & RSPAMD_HTTP_CONN_FLAG_TOO_LARGE) { + err = g_error_new (HTTP_ERROR, 413, + "Request entity too large"); + } + else { + err = g_error_new (HTTP_ERROR, priv->parser.http_errno, + "HTTP parser error: %s", + http_errno_description (priv->parser.http_errno)); + } + conn->error_handler (conn, err); g_error_free (err); @@ -2511,6 +2536,12 @@ rspamd_http_message_storage_cleanup (struct rspamd_http_message *msg) } void +rspamd_http_message_set_max_size (gsize sz) +{ + rspamd_http_global_max_size = sz; +} + +void rspamd_http_message_free (struct rspamd_http_message *msg) { struct rspamd_http_header *hdr, *htmp; diff --git a/src/libutil/http.h b/src/libutil/http.h index 2755638db..8223feb17 100644 --- a/src/libutil/http.h +++ b/src/libutil/http.h @@ -386,6 +386,12 @@ gboolean rspamd_http_message_remove_header (struct rspamd_http_message *msg, void rspamd_http_message_free (struct rspamd_http_message *msg); /** + * Sets global maximum size for HTTP message being processed + * @param sz + */ +void rspamd_http_message_set_max_size (gsize sz); + +/** * Increase refcount for shared file (if any) to prevent early memory unlinking * @param msg */ diff --git a/src/libutil/util.c b/src/libutil/util.c index 762c8d557..ca18a7fcc 100644 --- a/src/libutil/util.c +++ b/src/libutil/util.c @@ -2118,6 +2118,8 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx, magic_load (ctx->libmagic, cfg->magic_file); } } + + rspamd_http_message_set_max_size (cfg->max_message); } void |