Merge pull request #6134 from gunnarbeutner/fix/incorrect-content-length-limits

Fix incorrect HTTP content length limits
Gunnar Beutner 2018-02-28 14:16:15 +01:00 committed by GitHub
commit d23c03bfa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 20 deletions


@ -237,12 +237,12 @@ Available permissions for specific URL endpoints:
actions/<action> | /v1/actions | Yes | 1
config/query | /v1/config | No | 1
config/modify | /v1/config | No | 512
console | /v1/console | No | 512
console | /v1/console | No | 1
events/<type> | /v1/events | No | 1
objects/query/<type> | /v1/objects | Yes | 1
objects/create/<type> | /v1/objects | No | 512
objects/modify/<type> | /v1/objects | Yes | 512
objects/delete/<type> | /v1/objects | Yes | 512
objects/create/<type> | /v1/objects | No | 1
objects/modify/<type> | /v1/objects | Yes | 1
objects/delete/<type> | /v1/objects | Yes | 1
status/query | /v1/status | Yes | 1
templates/<type> | /v1/templates | Yes | 1
types | /v1/types | Yes | 1


@ -189,16 +189,6 @@ bool HttpServerConnection::ProcessMessage()
bool HttpServerConnection::ManageHeaders(HttpResponse& response)
{
static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
static const Dictionary::Ptr specialContentLengthLimits = new Dictionary({
{"*", 512 * 1024 * 1024},
{"config/modify", 512 * 1024 * 1024},
{"console", 512 * 1024 * 1024},
{"objects/create", 512 * 1024 * 1024},
{"objects/modify", 512 * 1024 * 1024},
{"objects/delete", 512 * 1024 * 1024}
});
if (m_CurrentRequest.Headers->Get("expect") == "100-continue") {
String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n";
m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength());
@ -289,16 +279,34 @@ bool HttpServerConnection::ManageHeaders(HttpResponse& response)
return false;
}
static const size_t defaultContentLengthLimit = 1 * 1024 * 1024;
size_t maxSize = defaultContentLengthLimit;
Array::Ptr permissions = m_AuthenticatedUser->GetPermissions();
ObjectLock olock(permissions);
for (const Value& permission : permissions) {
std::vector<String> permissionParts = String(permission).Split("/");
String permissionPath = permissionParts[0] + (permissionParts.size() > 1 ? "/" + permissionParts[1] : "");
int size = specialContentLengthLimits->Get(permissionPath);
maxSize = size > maxSize ? size : maxSize;
if (permissions) {
ObjectLock olock(permissions);
for (const Value& permissionInfo : permissions) {
String permission;
if (permissionInfo.IsObjectType<Dictionary>())
permission = static_cast<Dictionary::Ptr>(permissionInfo)->Get("permission");
else
permission = permissionInfo;
static std::vector<std::pair<String, size_t>> specialContentLengthLimits {
{ "config/modify", 512 * 1024 * 1024 }
};
for (const auto& limitInfo : specialContentLengthLimits) {
if (limitInfo.second <= maxSize)
continue;
if (Utility::Match(permission, limitInfo.first))
maxSize = limitInfo.second;
}
}
}
size_t contentLength = m_CurrentRequest.Headers->Get("content-length");
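Review bot: The body-size cap in the new loop is chosen from the permissions the authenticated user holds, not from the endpoint being requested, so a user whose permission list matches `config/modify` gets the 512 MB limit on every URL rather than only on `/v1/config`; this includes wildcard permissions such as `*`, since the permission appears to be passed as the pattern to `Utility::Match`. That is wider than the per-endpoint table in the documentation suggests and leaves a large memory-consumption budget attached to any such credential, so consider also checking the request path before raising `maxSize`, or at least state it in a comment such as `// limit follows the user's permissions, not the requested endpoint`. Separately, the lookup table is a mutable function-local static declared inside the permission loop; `static const std::vector<std::pair<String, size_t>> specialContentLengthLimits {` hoisted next to `defaultContentLengthLimit` would be clearer. ManageHeaders starts before and continues past this hunk, so how `contentLength` is compared with `maxSize` is not visible here.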