From ff37b3fe17f04db80e31cb070e3ce8fa1f9eae39 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Sun, 9 Aug 2009 03:41:34 -0700
Subject: http: unit tests for overflow and bad lengths

We're bound by the maximum value of off_t when handling
input bodies (we need to buffer to disk).  Also ensure
we stop bad clients that send us unparseable lengths.
---
 ext/unicorn_http/unicorn_http.rl | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'ext')

diff --git a/ext/unicorn_http/unicorn_http.rl b/ext/unicorn_http/unicorn_http.rl
index 5a5c053..edf39ae 100644
--- a/ext/unicorn_http/unicorn_http.rl
+++ b/ext/unicorn_http/unicorn_http.rl
@@ -478,6 +478,22 @@ void Init_unicorn_http(void)
   rb_define_method(cHttpParser, "trailers", HttpParser_headers, 2);
   rb_define_method(cHttpParser, "content_length", HttpParser_content_length, 0);
   rb_define_method(cHttpParser, "body_eof?", HttpParser_body_eof, 0);
+
+  /*
+   * The maximum size a single chunk when using chunked transfer encoding.
+   * This is only a theoretical maximum used to detect errors in clients,
+   * it is highly unlikely to encounter clients that send more than
+   * several kilobytes at once.
+   */
+  rb_define_const(cHttpParser, "CHUNK_MAX", OFFT2NUM(UH_OFF_T_MAX));
+
+  /*
+   * The maximum size of the body as specified by Content-Length.
+   * This is only a theoretical maximum, the actual limit is subject
+   * to the limits of the file system used for +Dir::tmpdir+
+   */
+  rb_define_const(cHttpParser, "LENGTH_MAX", OFFT2NUM(UH_OFF_T_MAX));
+
   init_common_fields();
   SET_GLOBAL(g_http_host, "HOST");
   SET_GLOBAL(g_http_trailer, "TRAILER");
-- 
cgit v1.2.3-24-ge0c7