authorChristian Grothoff <christian@grothoff.org>2020-06-21 12:10:45 +0200
committerChristian Grothoff <christian@grothoff.org>2020-06-21 12:10:45 +0200
commite5c81bcae0e402877fc9b6c54f91ef9ef3267b67 (patch)
tree9f8e8636153a4281d00d089ef0e2fa43d505bc76 /src/backend/taler-merchant-httpd.c
parent5341e4d62ab3ff635af98c5fc2326ae9f717322f (diff)
413 limits
Diffstat (limited to 'src/backend/taler-merchant-httpd.c')
-rw-r--r--src/backend/taler-merchant-httpd.c33
1 files changed, 24 insertions, 9 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 314e65a4..4fdd9f6d 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -804,7 +804,12 @@ url_handler (void *cls,
{
.url_prefix = "/products",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_products
+ .handler = &TMH_private_post_products,
+ /* allow product data of up to 8 MB, that should be plenty;
+ note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+ would require further changes to the allocation logic
+ in the code... */
+ .max_upload = 1024 * 1024 * 8
},
/* GET /products/$ID/: */
{
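Review bot: The 8 MB bound is written as the bare expression `1024 * 1024 * 8` together with a four-line comment, and the same pair is repeated in the PATCH `/products/` and POST `/orders` entries in the next two hunks. A single named constant (name is only a suggestion), `#define TMH_MAX_JSON_UPLOAD (8 * 1024 * 1024)`, carrying the comment once, would keep the three limits from drifting apart. The comment also hard-codes "40 MB" for `GNUNET_MAX_MALLOC_CHECKED`; a compile-time check such as `_Static_assert (TMH_MAX_JSON_UPLOAD <= GNUNET_MAX_MALLOC_CHECKED, "upload limit exceeds checked malloc bound");` would enforce that relationship instead of only describing it. The handler table begins and ends outside this hunk.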
@@ -825,7 +830,12 @@ url_handler (void *cls,
.url_prefix = "/products/",
.method = MHD_HTTP_METHOD_PATCH,
.have_id_segment = true,
- .handler = &TMH_private_patch_products_ID
+ .handler = &TMH_private_patch_products_ID,
+ /* allow product data of up to 8 MB, that should be plenty;
+ note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+ would require further changes to the allocation logic
+ in the code... */
+ .max_upload = 1024 * 1024 * 8
},
/* POST /products/$ID/lock: */
{
@@ -839,7 +849,12 @@ url_handler (void *cls,
{
.url_prefix = "/orders",
.method = MHD_HTTP_METHOD_POST,
- .handler = &TMH_private_post_orders
+ .handler = &TMH_private_post_orders,
+ /* allow contracts of up to 8 MB, that should be plenty;
+ note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+ would require further changes to the allocation logic
+ in the code... */
+ .max_upload = 1024 * 1024 * 8
},
/* GET /orders/$ID: */
{
@@ -1006,7 +1021,10 @@ url_handler (void *cls,
.method = MHD_HTTP_METHOD_POST,
.have_id_segment = true,
.url_suffix = "pickup",
- .handler = &TMH_post_tips_ID_pickup
+ .handler = &TMH_post_tips_ID_pickup,
+ /* wallet may give us many coins to sign, allow 1 MB of upload
+ to set a conservative bound for sane wallets */
+ .max_upload = 1024 * 1024
},
{
NULL
@@ -1288,6 +1306,8 @@ url_handler (void *cls,
{
const char *cl;
+ /* Maybe check for maximum upload size
+ and refuse requests if they are just too big. */
cl = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_CONTENT_LENGTH);
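Review bot: The early rejection here depends on the `Content-Length` header alone, so a request that sends none (for example one using chunked transfer encoding) leaves `cl` as NULL and, as far as these lines show, skips the size check. The comparison itself and the code that accumulates the request body are outside the hunk, so this may already be handled elsewhere. If it is not, the per-handler `max_upload` should also be enforced while upload data is appended, answering with the same 413. The added comment still reads like an open question ("Maybe check ..."); wording such as `/* Reject requests whose declared Content-Length exceeds the handler's max_upload. */` would describe what the code now does.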
@@ -1315,11 +1335,6 @@ url_handler (void *cls,
"upload exceeds limit");
}
}
-
- /* FIXME: Maybe check for maximum upload size here
- and refuse if it is too big? (Note: maximum upload
- size may need to vary based on the handler.) */
-
GNUNET_break (NULL == hc->request_body); /* can't have it already */
return MHD_YES; /* proceed with upload */
}