Created attachment 34448 [details] Patch fixing the issue Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter. Version: httpd-2.4.23 Steps to Reproduce: 1. Configure LimitRequestBody and mod_ext_filter: LimitRequestBody 100 ExtFilterDefine testfilter mode=output cmd="/bin/sed s/foo/bar/g" SetOutputFilter testfilter 2. Prepare a test file which is larger than LimitRequestBody dd if=/dev/zero of=/tmp/testfile bs=1 count=101 3. Create testing page echo "HELLO" > /var/www/html/test.html 4. Start httpd systemctl start httpd 5. Sent a POST request with the file curl -X POST -v -s -T /tmp/testfile http://127.0.0.1/test.html Actual results: Apache httpd returns "200 OK" ~~~ $ curl -X POST -v -s -T /tmp/testfile 127.0.0.1/test.html ... * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0) > POST /test.html HTTP/1.1 > Host: 127.0.0.1 > User-Agent: curl/7.47.1 > Accept: */* > Content-Length: 101 > Expect: 100-continue > < HTTP/1.1 200 OK < Date: Tue, 15 Nov 2016 15:37:30 GMT < Server: Apache/2.4.23 (Fedora) < Content-Length: 0 < Connection: close < Content-Type: text/html; charset=UTF-8 < * Excess found in a non pipelined read: excess = 6 url = /test.html (zero-length body) * Closing connection 0 ~~~ Expected results: Apache httpd should return "413 Request Entity Too Large". Attaching proposed patch.
I didn't see there was already a patch. The problem is that 2.4 input filter uses error buckets and mod_ext_filter does not preserve them for output. I lifted this stanza from mod_request and it makes the test pass for me: Index: mod_ext_filter.c =================================================================== --- mod_ext_filter.c (revision 1775678) +++ mod_ext_filter.c (working copy) @@ -756,6 +756,12 @@ eos = b; break; } + if (AP_BUCKET_IS_ERROR(b)) { + apr_bucket *cpy; + apr_bucket_copy(b, &cpy); + APR_BRIGADE_INSERT_TAIL(bb_tmp, cpy); + break; + } rv = apr_bucket_read(b, &data, &len, APR_BLOCK_READ); if (rv != APR_SUCCESS) {
Many thanks Eric for fixing this! trunk -> r1775770 trunk -> r1775832
Oops. 2.4.x -> r1775832