From 45c2803f3e29b8b1042e6569b7d860498940eca0 Mon Sep 17 00:00:00 2001 From: Gunnar Beutner Date: Wed, 28 Feb 2018 12:06:01 +0100 Subject: [PATCH] Fix incorrect HTTP content length limits --- doc/12-icinga2-api.md | 8 +++--- lib/remote/httpserverconnection.cpp | 40 +++++++++++++++++------------ 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md index 6e515fb36..838fd86a4 100644 --- a/doc/12-icinga2-api.md +++ b/doc/12-icinga2-api.md @@ -237,12 +237,12 @@ Available permissions for specific URL endpoints: actions/<action> | /v1/actions | Yes | 1 config/query | /v1/config | No | 1 config/modify | /v1/config | No | 512 - console | /v1/console | No | 512 + console | /v1/console | No | 1 events/<type> | /v1/events | No | 1 objects/query/<type> | /v1/objects | Yes | 1 - objects/create/<type> | /v1/objects | No | 512 - objects/modify/<type> | /v1/objects | Yes | 512 - objects/delete/<type> | /v1/objects | Yes | 512 + objects/create/<type> | /v1/objects | No | 1 + objects/modify/<type> | /v1/objects | Yes | 1 + objects/delete/<type> | /v1/objects | Yes | 1 status/query | /v1/status | Yes | 1 templates/<type> | /v1/templates | Yes | 1 types | /v1/types | Yes | 1 diff --git a/lib/remote/httpserverconnection.cpp b/lib/remote/httpserverconnection.cpp index 122209f62..130f56681 100644 --- a/lib/remote/httpserverconnection.cpp +++ b/lib/remote/httpserverconnection.cpp @@ -188,16 +188,6 @@ bool HttpServerConnection::ProcessMessage() bool HttpServerConnection::ManageHeaders(HttpResponse& response) { - static const size_t defaultContentLengthLimit = 1 * 1024 * 1024; - static const Dictionary::Ptr specialContentLengthLimits = new Dictionary({ - {"*", 512 * 1024 * 1024}, - {"config/modify", 512 * 1024 * 1024}, - {"console", 512 * 1024 * 1024}, - {"objects/create", 512 * 1024 * 1024}, - {"objects/modify", 512 * 1024 * 1024}, - {"objects/delete", 512 * 1024 * 1024} - }); - if (m_CurrentRequest.Headers->Get("expect") == "100-continue") { String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n"; m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength()); @@ -288,16 +278,34 @@ bool HttpServerConnection::ManageHeaders(HttpResponse& response) return false; } + static const size_t defaultContentLengthLimit = 1 * 1024 * 1024; size_t maxSize = defaultContentLengthLimit; Array::Ptr permissions = m_AuthenticatedUser->GetPermissions(); - ObjectLock olock(permissions); - for (const Value& permission : permissions) { - std::vector permissionParts = String(permission).Split("/"); - String permissionPath = permissionParts[0] + (permissionParts.size() > 1 ? "/" + permissionParts[1] : ""); - int size = specialContentLengthLimits->Get(permissionPath); - maxSize = size > maxSize ? size : maxSize; + if (permissions) { + ObjectLock olock(permissions); + + for (const Value& permissionInfo : permissions) { + String permission; + + if (permissionInfo.IsObjectType()) + permission = static_cast(permissionInfo)->Get("permission"); + else + permission = permissionInfo; + + static std::vector> specialContentLengthLimits { + { "config/modify", 512 * 1024 * 1024 } + }; + + for (const auto& limitInfo : specialContentLengthLimits) { + if (limitInfo.second <= maxSize) + continue; + + if (Utility::Match(permission, limitInfo.first)) + maxSize = limitInfo.second; + } + } } size_t contentLength = m_CurrentRequest.Headers->Get("content-length");