60375 – Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter

Bug 60375 - Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter

Summary: Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when e...

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ext_filter (show other bugs)
Version:	2.4.23
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:	PatchAvailable

Depends on:
Blocks:

Reported:	2016-11-15 15:44 UTC by Lubos Uhliarik
Modified:	2017-02-16 17:37 UTC (History)
CC List:	0 users

Attachments
Patch fixing the issue (590 bytes, patch) 2016-11-15 15:44 UTC, Lubos Uhliarik	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lubos Uhliarik 2016-11-15 15:44:08 UTC

Created attachment 34448 [details]
Patch fixing the issue

Apache httpd returns "200 OK" for a request exceeding LimitRequestBody when enabling mod_ext_filter.

Version:
httpd-2.4.23

Steps to Reproduce:

1. Configure LimitRequestBody and mod_ext_filter:

    LimitRequestBody 100
    ExtFilterDefine testfilter mode=output cmd="/bin/sed s/foo/bar/g"
    SetOutputFilter testfilter

2. Prepare a test file which is larger than LimitRequestBody

    dd if=/dev/zero of=/tmp/testfile bs=1 count=101

3. Create testing page
    
    echo "HELLO" > /var/www/html/test.html 

4. Start httpd
    
    systemctl start httpd

5. Sent a POST request with the file 

    curl -X POST -v -s -T /tmp/testfile http://127.0.0.1/test.html


Actual results:

Apache httpd returns "200 OK"

~~~
$ curl -X POST -v -s -T /tmp/testfile 127.0.0.1/test.html
...
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> POST /test.html HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.47.1
> Accept: */*
> Content-Length: 101
> Expect: 100-continue
> 
< HTTP/1.1 200 OK
< Date: Tue, 15 Nov 2016 15:37:30 GMT
< Server: Apache/2.4.23 (Fedora)
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=UTF-8
< 
* Excess found in a non pipelined read: excess = 6 url = /test.html (zero-length body)
* Closing connection 0
~~~


Expected results:

Apache httpd should return "413 Request Entity Too Large".



Attaching proposed patch.

Comment 1 Eric Covener 2016-12-22 22:59:10 UTC

I didn't see there was already a patch. The problem is that 2.4 input filter uses error buckets and mod_ext_filter does not preserve them for output.

I lifted this stanza from mod_request and it makes the test pass for me:

Index: mod_ext_filter.c
===================================================================
--- mod_ext_filter.c    (revision 1775678)
+++ mod_ext_filter.c    (working copy)
@@ -756,6 +756,12 @@
             eos = b;
             break;
         }
+        if (AP_BUCKET_IS_ERROR(b)) {
+            apr_bucket *cpy;
+            apr_bucket_copy(b, &cpy);
+            APR_BRIGADE_INSERT_TAIL(bb_tmp, cpy);
+            break;
+        }
 
         rv = apr_bucket_read(b, &data, &len, APR_BLOCK_READ);
         if (rv != APR_SUCCESS) {

Comment 2 Joe Orton 2017-02-16 17:36:38 UTC

Many thanks Eric for fixing this!  trunk -> r1775770 trunk -> r1775832

Comment 3 Joe Orton 2017-02-16 17:37:08 UTC

Oops. 2.4.x -> r1775832