mirror of https://github.com/Icinga/icinga2.git
Fix incorrect HTTP content length limits
This commit is contained in:
parent
85858e6a36
commit
622127276b
|
@ -230,12 +230,12 @@ Available permissions for specific URL endpoints:
|
||||||
actions/<action> | /v1/actions | Yes | 1
|
actions/<action> | /v1/actions | Yes | 1
|
||||||
config/query | /v1/config | No | 1
|
config/query | /v1/config | No | 1
|
||||||
config/modify | /v1/config | No | 512
|
config/modify | /v1/config | No | 512
|
||||||
console | /v1/console | No | 512
|
console | /v1/console | No | 1
|
||||||
events/<type> | /v1/events | No | 1
|
events/<type> | /v1/events | No | 1
|
||||||
objects/query/<type> | /v1/objects | Yes | 1
|
objects/query/<type> | /v1/objects | Yes | 1
|
||||||
objects/create/<type> | /v1/objects | No | 512
|
objects/create/<type> | /v1/objects | No | 1
|
||||||
objects/modify/<type> | /v1/objects | Yes | 512
|
objects/modify/<type> | /v1/objects | Yes | 1
|
||||||
objects/delete/<type> | /v1/objects | Yes | 512
|
objects/delete/<type> | /v1/objects | Yes | 1
|
||||||
status/query | /v1/status | Yes | 1
|
status/query | /v1/status | Yes | 1
|
||||||
templates/<type> | /v1/templates | Yes | 1
|
templates/<type> | /v1/templates | Yes | 1
|
||||||
types | /v1/types | Yes | 1
|
types | /v1/types | Yes | 1
|
||||||
|
|
|
@ -190,15 +190,6 @@ bool HttpServerConnection::ProcessMessage(void)
|
||||||
|
|
||||||
bool HttpServerConnection::ManageHeaders(HttpResponse& response)
|
bool HttpServerConnection::ManageHeaders(HttpResponse& response)
|
||||||
{
|
{
|
||||||
static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
|
|
||||||
static const Dictionary::Ptr specialContentLengthLimits = new Dictionary;
|
|
||||||
specialContentLengthLimits->Set("*", 512 * 1024 * 1024);
|
|
||||||
specialContentLengthLimits->Set("config/modify", 512 * 1024 * 1024);
|
|
||||||
specialContentLengthLimits->Set("console", 512 * 1024 * 1024);
|
|
||||||
specialContentLengthLimits->Set("objects/create", 512 * 1024 * 1024);
|
|
||||||
specialContentLengthLimits->Set("objects/modify", 512 * 1024 * 1024);
|
|
||||||
specialContentLengthLimits->Set("objects/delete", 512 * 1024 * 1024);
|
|
||||||
|
|
||||||
if (m_CurrentRequest.Headers->Get("expect") == "100-continue") {
|
if (m_CurrentRequest.Headers->Get("expect") == "100-continue") {
|
||||||
String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n";
|
String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n";
|
||||||
m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength());
|
m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength());
|
||||||
|
@ -289,16 +280,34 @@ bool HttpServerConnection::ManageHeaders(HttpResponse& response)
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
|
||||||
size_t maxSize = defaultContentLengthLimit;
|
size_t maxSize = defaultContentLengthLimit;
|
||||||
|
|
||||||
Array::Ptr permissions = m_AuthenticatedUser->GetPermissions();
|
Array::Ptr permissions = m_AuthenticatedUser->GetPermissions();
|
||||||
|
|
||||||
|
if (permissions) {
|
||||||
ObjectLock olock(permissions);
|
ObjectLock olock(permissions);
|
||||||
|
|
||||||
for (const Value& permission : permissions) {
|
for (const Value& permissionInfo : permissions) {
|
||||||
std::vector<String> permissionParts = String(permission).Split("/");
|
String permission;
|
||||||
String permissionPath = permissionParts[0] + (permissionParts.size() > 1 ? "/" + permissionParts[1] : "");
|
|
||||||
int size = specialContentLengthLimits->Get(permissionPath);
|
if (permissionInfo.IsObjectType<Dictionary>())
|
||||||
maxSize = size > maxSize ? size : maxSize;
|
permission = static_cast<Dictionary::Ptr>(permissionInfo)->Get("permission");
|
||||||
|
else
|
||||||
|
permission = permissionInfo;
|
||||||
|
|
||||||
|
static std::vector<std::pair<String, size_t>> specialContentLengthLimits {
|
||||||
|
{ "config/modify", 512 * 1024 * 1024 }
|
||||||
|
};
|
||||||
|
|
||||||
|
for (const auto& limitInfo : specialContentLengthLimits) {
|
||||||
|
if (limitInfo.second <= maxSize)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if (Utility::Match(permission, limitInfo.first))
|
||||||
|
maxSize = limitInfo.second;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t contentLength = m_CurrentRequest.Headers->Get("content-length");
|
size_t contentLength = m_CurrentRequest.Headers->Get("content-length");
|
||||||
|
|
Loading…
Reference in New Issue