From e5c81bcae0e402877fc9b6c54f91ef9ef3267b67 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 21 Jun 2020 12:10:45 +0200 Subject: 413 limits --- src/backend/taler-merchant-httpd.c | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) (limited to 'src/backend/taler-merchant-httpd.c') diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c index 314e65a4..4fdd9f6d 100644 --- a/src/backend/taler-merchant-httpd.c +++ b/src/backend/taler-merchant-httpd.c @@ -804,7 +804,12 @@ url_handler (void *cls, { .url_prefix = "/products", .method = MHD_HTTP_METHOD_POST, - .handler = &TMH_private_post_products + .handler = &TMH_private_post_products, + /* allow product data of up to 8 MB, that should be plenty; + note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB) + would require further changes to the allocation logic + in the code... */ + .max_upload = 1024 * 1024 * 8 }, /* GET /products/$ID/: */ { @@ -825,7 +830,12 @@ url_handler (void *cls, .url_prefix = "/products/", .method = MHD_HTTP_METHOD_PATCH, .have_id_segment = true, - .handler = &TMH_private_patch_products_ID + .handler = &TMH_private_patch_products_ID, + /* allow product data of up to 8 MB, that should be plenty; + note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB) + would require further changes to the allocation logic + in the code... */ + .max_upload = 1024 * 1024 * 8 }, /* POST /products/$ID/lock: */ { @@ -839,7 +849,12 @@ url_handler (void *cls, { .url_prefix = "/orders", .method = MHD_HTTP_METHOD_POST, - .handler = &TMH_private_post_orders + .handler = &TMH_private_post_orders, + /* allow contracts of up to 8 MB, that should be plenty; + note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB) + would require further changes to the allocation logic + in the code... */ + .max_upload = 1024 * 1024 * 8 }, /* GET /orders/$ID: */ { @@ -1006,7 +1021,10 @@ url_handler (void *cls, .method = MHD_HTTP_METHOD_POST, .have_id_segment = true, .url_suffix = "pickup", - .handler = &TMH_post_tips_ID_pickup + .handler = &TMH_post_tips_ID_pickup, + /* wallet may give us many coins to sign, allow 1 MB of upload + to set a conservative bound for sane wallets */ + .max_upload = 1024 * 1024 }, { NULL @@ -1288,6 +1306,8 @@ url_handler (void *cls, { const char *cl; + /* Maybe check for maximum upload size + and refuse requests if they are just too big. */ cl = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_CONTENT_LENGTH); @@ -1315,11 +1335,6 @@ url_handler (void *cls, "upload exceeds limit"); } } - - /* FIXME: Maybe check for maximum upload size here - and refuse if it is too big? (Note: maximum upload - size may need to vary based on the handler.) */ - GNUNET_break (NULL == hc->request_body); /* can't have it already */ return MHD_YES; /* proceed with upload */ } -- cgit v1.2.3