authorChristian Grothoff <christian@grothoff.org>2020-06-21 12:05:56 +0200
committerChristian Grothoff <christian@grothoff.org>2020-06-21 12:05:56 +0200
commit5341e4d62ab3ff635af98c5fc2326ae9f717322f (patch)
treea2b7feb96a2dfadb59dd168e02bc59d0ed659670 /src/backend/taler-merchant-httpd.c
parent4621e2ea42eed868fa842889a32c7f90b52a863f (diff)
address 413 fixme
Diffstat (limited to 'src/backend/taler-merchant-httpd.c')
-rw-r--r--src/backend/taler-merchant-httpd.c51
1 files changed, 51 insertions, 0 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index f3d8d757..314e65a4 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -66,6 +66,11 @@
*/
#define UNIX_BACKLOG 500
+/**
+ * Default maximum upload size permitted. Can be overridden
+ * per handler.
+ */
+#define DEFAULT_MAX_UPLOAD_SIZE (16 * 1024)
/**
* Which currency do we use?
@@ -1029,6 +1034,22 @@ url_handler (void *cls,
{
int res;
+ if ( (hc->total_upload + *upload_data_size < hc->total_upload) ||
+ (hc->total_upload + *upload_data_size > hc->rh->max_upload) )
+ {
+ /* Client exceeds upload limit. Should _usually_ be checked earlier
+ when we look at the MHD_HTTP_HEADER_CONTENT_LENGTH, alas with
+ chunked encoding an uploader MAY have ommitted this, and thus
+ not permitted us to check on time. In this case, we just close
+ the connection once it exceeds our limit (instead of waiting
+ for the upload to complete and then fail). This could theoretically
+ cause some clients to retry, alas broken or malicious clients
+ are likely to retry anyway, so little we can do about it, and
+ failing earlier seems the best option here. *///
+ GNUNET_break_op (0);
+ return MHD_NO;
+ }
+ hc->total_upload += *upload_data_size;
res = TALER_MHD_parse_post_json (connection,
&hc->json_parse_context,
upload_data,
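Review bot: The streaming limit check compares against `hc->rh->max_upload` directly, without the `0 == mul` fallback to `DEFAULT_MAX_UPLOAD_SIZE` that the Content-Length check in the third hunk applies. If 0 means "no per-handler override", as that hunk suggests, a handler left at 0 would have every non-empty upload chunk rejected here, and a chunked upload without Content-Length would never be measured against the default limit. Compute the limit the same way in both places, e.g. `size_t mul = (0 == hc->rh->max_upload) ? DEFAULT_MAX_UPLOAD_SIZE : hc->rh->max_upload;`, and compare against `mul`. The explanatory comment also ends in `*///`, which leaves a stray empty `//` comment after the block comment. url_handler's body starts and ends outside this hunk.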
@@ -1265,6 +1286,36 @@ url_handler (void *cls,
MHD_HTTP_METHOD_PATCH)) );
if (hc->has_body)
{
+ const char *cl;
+
+ cl = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_CONTENT_LENGTH);
+ if (NULL != cl)
+ {
+ unsigned long long cv;
+ size_t mul = hc->rh->max_upload;
+
+ if (0 == mul)
+ mul = DEFAULT_MAX_UPLOAD_SIZE;
+ if (1 != sscanf (cl,
+ "%llu",
+ &cv))
+ {
+ /* Not valid HTTP request, just close connection. */
+ GNUNET_break_op (0);
+ return MHD_NO;
+ }
+ if (cv > mul)
+ {
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_PAYLOAD_TOO_LARGE,
+ TALER_EC_UPLOAD_EXCEEDS_LIMIT,
+ "upload exceeds limit");
+ }
+ }
+
/* FIXME: Maybe check for maximum upload size here
and refuse if it is too big? (Note: maximum upload
size may need to vary based on the handler.) */
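Review bot: `sscanf (cl, "%llu", &cv)` is a lenient parser for a client-controlled header. It accepts leading whitespace, a sign and trailing garbage (`12abc` parses as 12), and the result for an out-of-range number is undefined in C. The size pre-check can therefore act on a different length than the HTTP library derives from the same header, leaving only the streaming check in the earlier hunk as the backstop. Parsing with `strtoull` and rejecting anything that is not all digits or that overflows closes that gap; this needs `<errno.h>`, which may or may not already be included. The FIXME kept directly below the new block describes the check this commit adds and looks stale.

```c
      unsigned long long cv;
      char *end;
      /* … unchanged: mul selection with DEFAULT_MAX_UPLOAD_SIZE fallback … */

      errno = 0;
      cv = strtoull (cl, &end, 10);
      if ( (cl[0] < '0') || (cl[0] > '9') ||
           ('\0' != *end) ||
           (ERANGE == errno) )
      {
        /* Not valid HTTP request, just close connection. */
        GNUNET_break_op (0);
        return MHD_NO;
      }
      /* … unchanged: cv > mul check replying with 413 … */
```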