* [PATCH 3/3] http: reject excessively large HTTP request bodies
2016-03-06 2:09 6% [PATCH 0/3] http: some DoS prevention Eric Wong
@ 2016-03-06 2:09 7% ` Eric Wong
0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2016-03-06 2:09 UTC (permalink / raw)
To: meta; +Cc: Eric Wong
We cannot risk using all of a users' disk space buffering
gigantic requests. Use the defaults git gives us since
we primarily host git repositories.
---
lib/PublicInbox/HTTP.pm | 13 +++++++++++++
t/httpd-corner.t | 21 +++++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm
index 15db139..0675f6a 100644
--- a/lib/PublicInbox/HTTP.pm
+++ b/lib/PublicInbox/HTTP.pm
@@ -24,6 +24,12 @@ use constant {
CHUNK_MAX_HDR => 256,
};
+# Use the same configuration parameter as git since this is primarily
+# a slow-client sponge for git-http-backend
+# TODO: support per-respository http.maxRequestBuffer somehow...
+our $MAX_REQUEST_BUFFER = $ENV{GIT_HTTP_MAX_REQUEST_BUFFER} ||
+ (10 * 1024 * 1024);
+
my $null_io = IO::File->new('/dev/null', '<');
my $http_date;
my $prev = 0;
@@ -232,6 +238,10 @@ sub input_prepare {
my $input = $null_io;
my $len = $env->{CONTENT_LENGTH};
if ($len) {
+ if ($len > $MAX_REQUEST_BUFFER) {
+ quit($self, 413);
+ return;
+ }
$input = IO::File->new_tmpfile;
} elsif (env_chunked($env)) {
$len = CHUNK_START;
@@ -306,6 +316,9 @@ sub event_read_input_chunked { # unlikely...
if ($len == CHUNK_START) {
if ($$rbuf =~ s/\A([a-f0-9]+).*?\r\n//i) {
$len = hex $1;
+ if (($len + -s $input) > $MAX_REQUEST_BUFFER) {
+ return quit($self, 413);
+ }
} elsif (length($$rbuf) > CHUNK_MAX_HDR) {
return quit($self, 400);
}
diff --git a/t/httpd-corner.t b/t/httpd-corner.t
index 8670846..59f37aa 100644
--- a/t/httpd-corner.t
+++ b/t/httpd-corner.t
@@ -97,6 +97,27 @@ my $spawn_httpd = sub {
like($head, qr/\b400\b/, 'got 400 response');
}
+{
+ my $conn = conn_for($sock, 'excessive body Content-Length');
+ $SIG{PIPE} = 'IGNORE';
+ my $n = (10 * 1024 * 1024) + 1;
+ $conn->write("PUT /sha1 HTTP/1.0\r\nContent-Length: $n\r\n\r\n");
+ ok($conn->read(my $buf, 8192), 'read response');
+ my ($head, $body) = split(/\r\n\r\n/, $buf);
+ like($head, qr/\b413\b/, 'got 413 response');
+}
+
+{
+ my $conn = conn_for($sock, 'excessive body chunked');
+ $SIG{PIPE} = 'IGNORE';
+ my $n = (10 * 1024 * 1024) + 1;
+ $conn->write("PUT /sha1 HTTP/1.1\r\nTransfer-Encoding: chunked\r\n");
+ $conn->write("\r\n".sprintf("%x\r\n", $n));
+ ok($conn->read(my $buf, 8192), 'read response');
+ my ($head, $body) = split(/\r\n\r\n/, $buf);
+ like($head, qr/\b413\b/, 'got 413 response');
+}
+
# Unix domain sockets
{
my $u = IO::Socket::UNIX->new(Type => SOCK_STREAM, Peer => $upath);
--
EW
^ permalink raw reply related [relevance 7%]
* [PATCH 0/3] http: some DoS prevention
@ 2016-03-06 2:09 6% Eric Wong
2016-03-06 2:09 7% ` [PATCH 3/3] http: reject excessively large HTTP request bodies Eric Wong
0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2016-03-06 2:09 UTC (permalink / raw)
To: meta
Since public-inbox-httpd is may face untrusted clients directly
without a reverse proxy like haproxy/nginx; we should have some
basic protection to avoid DoS attacks involving excessive
resource use.
Eric Wong (3):
http: reject excessive headers
http: ensure errors are printable before PSGI env
http: reject excessively large HTTP request bodies
lib/PublicInbox/HTTP.pm | 23 ++++++++++++++++++++---
t/httpd-corner.t | 33 +++++++++++++++++++++++++++++++++
2 files changed, 53 insertions(+), 3 deletions(-)
^ permalink raw reply [relevance 6%]
Results 1-2 of 2 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2016-03-06 2:09 6% [PATCH 0/3] http: some DoS prevention Eric Wong
2016-03-06 2:09 7% ` [PATCH 3/3] http: reject excessively large HTTP request bodies Eric Wong
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).