
[taler-merchant] 232/277: 413 limits


From: gnunet
Subject: [taler-merchant] 232/277: 413 limits
Date: Sun, 05 Jul 2020 20:52:25 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

commit e5c81bcae0e402877fc9b6c54f91ef9ef3267b67
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Jun 21 12:10:45 2020 +0200

    413 limits
---
 src/backend/taler-merchant-httpd.c | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c 
b/src/backend/taler-merchant-httpd.c
index 314e65a..4fdd9f6 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -804,7 +804,12 @@ url_handler (void *cls,
     {
       .url_prefix = "/products",
       .method = MHD_HTTP_METHOD_POST,
-      .handler = &TMH_private_post_products
+      .handler = &TMH_private_post_products,
+      /* allow product data of up to 8 MB, that should be plenty;
+         note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+         would require further changes to the allocation logic
+         in the code... */
+      .max_upload = 1024 * 1024 * 8
     },
     /* GET /products/$ID/: */
     {
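Review bot: The 8 MB bound is written as the bare expression `1024 * 1024 * 8` with the same four-line comment in this entry and again in the PATCH /products/$ID and POST /orders entries (the next two hunks), so the three limits and their stated relationship to GNUNET_MAX_MALLOC_CHECKED can drift apart unnoticed. A single named constant carrying the comment once, for example `#define TMH_MAX_UPLOAD_LARGE (8 * 1024 * 1024)` (the name is only a suggestion), would keep them aligned; the 1 MB value in the pickup entry could get the same treatment. These hunks also do not show which limit applies to table entries that leave `.max_upload` unset, and the field's documentation should state it, because a zero-initialised field could be read as either "use the default" or "no upload allowed". The handler table starts and ends outside these hunks.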
@@ -825,7 +830,12 @@ url_handler (void *cls,
       .url_prefix = "/products/",
       .method = MHD_HTTP_METHOD_PATCH,
       .have_id_segment = true,
-      .handler = &TMH_private_patch_products_ID
+      .handler = &TMH_private_patch_products_ID,
+      /* allow product data of up to 8 MB, that should be plenty;
+         note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+         would require further changes to the allocation logic
+         in the code... */
+      .max_upload = 1024 * 1024 * 8
     },
     /* POST /products/$ID/lock: */
     {
@@ -839,7 +849,12 @@ url_handler (void *cls,
     {
       .url_prefix = "/orders",
       .method = MHD_HTTP_METHOD_POST,
-      .handler = &TMH_private_post_orders
+      .handler = &TMH_private_post_orders,
+      /* allow contracts of up to 8 MB, that should be plenty;
+         note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+         would require further changes to the allocation logic
+         in the code... */
+      .max_upload = 1024 * 1024 * 8
     },
     /* GET /orders/$ID: */
     {
@@ -1006,7 +1021,10 @@ url_handler (void *cls,
       .method = MHD_HTTP_METHOD_POST,
       .have_id_segment = true,
       .url_suffix = "pickup",
-      .handler = &TMH_post_tips_ID_pickup
+      .handler = &TMH_post_tips_ID_pickup,
+      /* wallet may give us many coins to sign, allow 1 MB of upload
+         to set a conservative bound for sane wallets */
+      .max_upload = 1024 * 1024
     },
     {
       NULL
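Review bot: `.max_upload = 1024 * 1024` bounds the bytes of a pickup request, but the comment's stated concern is the number of coins to sign, and a byte limit caps that only indirectly. If TMH_post_tips_ID_pickup does not already enforce a maximum element count on the coin array (its body is not visible here), an explicit count check in the handler would bound the per-request signing work independently of how compactly the request is encoded. The comment could say so, e.g. `/* byte bound only; the handler must also cap the number of coins per request */`.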
@@ -1288,6 +1306,8 @@ url_handler (void *cls,
   {
     const char *cl;
 
+    /* Maybe check for maximum upload size
+       and refuse requests if they are just too big. */
     cl = MHD_lookup_connection_value (connection,
                                       MHD_HEADER_KIND,
                                       MHD_HTTP_HEADER_CONTENT_LENGTH);
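Review bot: The size check this comment announces is driven by the Content-Length header looked up just below, so as far as these lines show, a request that omits the header (for example one using chunked transfer encoding) would not be covered by it. The per-handler `max_upload` should also be enforced where the body is accumulated; whether that happens is not visible in this hunk, and the enclosing block starts and ends outside it. Separately, the comment still reads "Maybe check", wording carried over from the FIXME this commit removes; now that the check exists it would read better as `/* Refuse the request up front if the declared Content-Length exceeds the handler's upload limit. */`.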
@@ -1315,11 +1335,6 @@ url_handler (void *cls,
                                            "upload exceeds limit");
       }
     }
-
-    /* FIXME: Maybe check for maximum upload size here
-       and refuse if it is too big? (Note: maximum upload
-       size may need to vary based on the handler.) */
-
     GNUNET_break (NULL == hc->request_body); /* can't have it already */
     return MHD_YES; /* proceed with upload */
   }

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


