# HG changeset patch # User Kim Alvefur # Date 1471526162 -7200 # Node ID 01d0d466d7be8bbc09821a27b1d01341fa3d497e # Parent f549587b8c06c9c0a91af0ccdbb0f42df9b616b6# Parent 588ed6451984276c4d03435a6af278bf910b1fd8 Merge 0.9->0.10 diff -r f549587b8c06 -r 01d0d466d7be net/http/parser.lua --- a/net/http/parser.lua Sat Aug 13 16:11:30 2016 +0200 +++ b/net/http/parser.lua Thu Aug 18 15:16:02 2016 +0200 @@ -1,5 +1,6 @@ local tonumber = tonumber; local assert = assert; +local t_insert, t_concat = table.insert, table.concat; local url_parse = require "socket.url".parse; local urldecode = require "util.http".urldecode; @@ -27,7 +28,9 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb) local client = true; if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end - local buf = ""; + local buf, buflen, buftable = {}, 0, true; + local bodylimit = tonumber(options_cb and options_cb().body_size_limit) or 10*1024*1024; + local buflimit = tonumber(options_cb and options_cb().buffer_size_limit) or bodylimit * 2; local chunked, chunk_size, chunk_start; local state = nil; local packet; @@ -38,6 +41,7 @@ feed = function(_, data) if error then return nil, "parse has failed"; end if not data then -- EOF + if buftable then buf, buftable = t_concat(buf), false; end if state and client and not len then -- reading client body until EOF packet.body = buf; success_cb(packet); @@ -46,9 +50,17 @@ end return; end - buf = buf..data; - while #buf > 0 do + if buftable then + t_insert(buf, data); + else + buf = { buf, data }; + buftable = true; + end + buflen = buflen + #data; + if buflen > buflimit then error = true; return error_cb("max-buffer-size-exceeded"); end + while buflen > 0 do if state == nil then -- read request + if buftable then buf, buftable = t_concat(buf), false; end local index = buf:find("\r\n\r\n", nil, true); if not index then return; end -- not enough data local method, path, httpversion, status_code, reason_phrase; @@ -79,6 +91,7 @@ if not first_line then error = true; return error_cb("invalid-status-line"); end chunked = have_body and headers["transfer-encoding"] == "chunked"; len = tonumber(headers["content-length"]); -- TODO check for invalid len + if len and len > bodylimit then error = true; return error_cb("content-length-limit-exceeded"); end if client then -- FIXME handle '100 Continue' response (by skipping it) if not have_body then len = 0; end @@ -115,11 +128,13 @@ }; end buf = buf:sub(index + 4); + buflen = #buf; state = true; end if state then -- read body if client then if chunked then + if buftable then buf, buftable = t_concat(buf), false; end if not buf:find("\r\n", nil, true) then return; end -- not enough data @@ -132,25 +147,29 @@ state, chunk_size = nil, nil; buf = buf:gsub("^.-\r\n\r\n", ""); -- This ensure extensions and trailers are stripped success_cb(packet); - elseif #buf - chunk_start - 2 >= chunk_size then -- we have a chunk + elseif buflen - chunk_start - 2 >= chunk_size then -- we have a chunk packet.body = packet.body..buf:sub(chunk_start, chunk_start + (chunk_size-1)); buf = buf:sub(chunk_start + chunk_size + 2); chunk_size, chunk_start = nil, nil; else -- Partial chunk remaining break; end - elseif len and #buf >= len then + elseif len and buflen >= len then + if buftable then buf, buftable = t_concat(buf), false; end if packet.code == 101 then - packet.body, buf = buf, ""; + packet.body, buf, buflen, buftable = buf, {}, 0, true; else packet.body, buf = buf:sub(1, len), buf:sub(len + 1); + buflen = #buf; end state = nil; success_cb(packet); else break; end - elseif #buf >= len then + elseif buflen >= len then + if buftable then buf, buftable = t_concat(buf), false; end packet.body, buf = buf:sub(1, len), buf:sub(len + 1); + buflen = #buf; state = nil; success_cb(packet); else break; diff -r f549587b8c06 -r 01d0d466d7be net/http/server.lua --- a/net/http/server.lua Sat Aug 13 16:11:30 2016 +0200 +++ b/net/http/server.lua Thu Aug 18 15:16:02 2016 +0200 @@ -22,6 +22,7 @@ local listener = {}; local hosts = {}; local default_host; +local options = {}; local function is_wildcard_event(event) return event:sub(-2, -1) == "/*"; @@ -133,7 +134,10 @@ sessions[conn] = nil; conn:close(); end - sessions[conn] = parser_new(success_cb, error_cb); + local function options_cb() + return options; + end + sessions[conn] = parser_new(success_cb, error_cb, "server", options_cb); end function listener.ondisconnect(conn) @@ -350,6 +354,9 @@ function _M.fire_event(event, ...) return events.fire_event(event, ...); end +function _M.set_option(name, value) + options[name] = value; +end _M.listener = listener; _M.codes = codes; diff -r f549587b8c06 -r 01d0d466d7be plugins/mod_http.lua --- a/plugins/mod_http.lua Sat Aug 13 16:11:30 2016 +0200 +++ b/plugins/mod_http.lua Thu Aug 18 15:16:02 2016 +0200 @@ -18,6 +18,9 @@ server.set_default_host(module:get_option_string("http_default_host")); +server.set_option("body_size_limit", module:get_option_number("http_max_content_size")); +server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size")); + local function normalize_path(path) if path:sub(-1,-1) == "/" then path = path:sub(1, -2); end if path:sub(1,1) ~= "/" then path = "/"..path; end