mirror of https://github.com/Icinga/icinga2.git
Fix incorrect HTTP content length limits
This commit is contained in:
parent
254bd108df
commit
45c2803f3e
|
@ -237,12 +237,12 @@ Available permissions for specific URL endpoints:
|
|||
actions/<action> | /v1/actions | Yes | 1
|
||||
config/query | /v1/config | No | 1
|
||||
config/modify | /v1/config | No | 512
|
||||
console | /v1/console | No | 512
|
||||
console | /v1/console | No | 1
|
||||
events/<type> | /v1/events | No | 1
|
||||
objects/query/<type> | /v1/objects | Yes | 1
|
||||
objects/create/<type> | /v1/objects | No | 512
|
||||
objects/modify/<type> | /v1/objects | Yes | 512
|
||||
objects/delete/<type> | /v1/objects | Yes | 512
|
||||
objects/create/<type> | /v1/objects | No | 1
|
||||
objects/modify/<type> | /v1/objects | Yes | 1
|
||||
objects/delete/<type> | /v1/objects | Yes | 1
|
||||
status/query | /v1/status | Yes | 1
|
||||
templates/<type> | /v1/templates | Yes | 1
|
||||
types | /v1/types | Yes | 1
|
||||
|
|
|
@ -188,16 +188,6 @@ bool HttpServerConnection::ProcessMessage()
|
|||
|
||||
bool HttpServerConnection::ManageHeaders(HttpResponse& response)
|
||||
{
|
||||
static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
|
||||
static const Dictionary::Ptr specialContentLengthLimits = new Dictionary({
|
||||
{"*", 512 * 1024 * 1024},
|
||||
{"config/modify", 512 * 1024 * 1024},
|
||||
{"console", 512 * 1024 * 1024},
|
||||
{"objects/create", 512 * 1024 * 1024},
|
||||
{"objects/modify", 512 * 1024 * 1024},
|
||||
{"objects/delete", 512 * 1024 * 1024}
|
||||
});
|
||||
|
||||
if (m_CurrentRequest.Headers->Get("expect") == "100-continue") {
|
||||
String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n";
|
||||
m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength());
|
||||
|
@ -288,16 +278,34 @@ bool HttpServerConnection::ManageHeaders(HttpResponse& response)
|
|||
return false;
|
||||
}
|
||||
|
||||
static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
|
||||
size_t maxSize = defaultContentLengthLimit;
|
||||
|
||||
Array::Ptr permissions = m_AuthenticatedUser->GetPermissions();
|
||||
ObjectLock olock(permissions);
|
||||
|
||||
for (const Value& permission : permissions) {
|
||||
std::vector<String> permissionParts = String(permission).Split("/");
|
||||
String permissionPath = permissionParts[0] + (permissionParts.size() > 1 ? "/" + permissionParts[1] : "");
|
||||
int size = specialContentLengthLimits->Get(permissionPath);
|
||||
maxSize = size > maxSize ? size : maxSize;
|
||||
if (permissions) {
|
||||
ObjectLock olock(permissions);
|
||||
|
||||
for (const Value& permissionInfo : permissions) {
|
||||
String permission;
|
||||
|
||||
if (permissionInfo.IsObjectType<Dictionary>())
|
||||
permission = static_cast<Dictionary::Ptr>(permissionInfo)->Get("permission");
|
||||
else
|
||||
permission = permissionInfo;
|
||||
|
||||
static std::vector<std::pair<String, size_t>> specialContentLengthLimits {
|
||||
{ "config/modify", 512 * 1024 * 1024 }
|
||||
};
|
||||
|
||||
for (const auto& limitInfo : specialContentLengthLimits) {
|
||||
if (limitInfo.second <= maxSize)
|
||||
continue;
|
||||
|
||||
if (Utility::Match(permission, limitInfo.first))
|
||||
maxSize = limitInfo.second;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
size_t contentLength = m_CurrentRequest.Headers->Get("content-length");
|
||||
|
|
Loading…
Reference in New Issue