Limit HTTP POST data size to 1MiB

We need to have an upper limit of the size of HTTP POST data. With the current code you could just send 4 GiB of data to webadmin and ZNC would try to keep all of this in memory. This patch implements an upper limit for HTTP POST data of 1 MiB. Thanks to cnu for finding this. git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1559 726aef4b-f618-498e-8847-2d620e286838
2026-05-05 13:02:31 +02:00 · 2009-07-06 17:07:03 +00:00
parent 338e52af9c
commit be6bd29b20
1 changed files with 4 additions and 0 deletions
--- a/HTTPSock.cpp
+++ b/HTTPSock.cpp
@@ -11,6 +11,8 @@
 #include "HTTPSock.h"
 #include "znc.h"

+#define MAX_POST_SIZE	1024 * 1024
+
 CHTTPSock::CHTTPSock(CModule *pMod) : CSocket(pMod) {
 	Init();
 }
@@ -77,6 +79,8 @@ void CHTTPSock::ReadLine(const CString& sData) {
 		m_bLoggedIn = OnLogin(m_sUser, m_sPass);
 	} else if (sName.Equals("Content-Length:")) {
 		m_uPostLen = sLine.Token(1).ToULong();
+		if (m_uPostLen > MAX_POST_SIZE)
+			PrintErrorPage(413, "Request Entity Too Large", "The request you sent was too large.");
 	} else if (sName.Equals("If-None-Match:")) {
 		// this is for proper client cache support (HTTP 304) on static files:
 		m_sIfNoneMatch = sLine.Token(1, true);