aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/http/parser.lua33
-rw-r--r--net/http/server.lua9
-rw-r--r--plugins/mod_http.lua3
3 files changed, 37 insertions, 8 deletions
diff --git a/net/http/parser.lua b/net/http/parser.lua
index 70df6513..fabbddad 100644
--- a/net/http/parser.lua
+++ b/net/http/parser.lua
@@ -1,5 +1,6 @@
local tonumber = tonumber;
local assert = assert;
+local t_insert, t_concat = table.insert, table.concat;
local url_parse = require "socket.url".parse;
local urldecode = require "util.http".urldecode;
@@ -27,7 +28,9 @@ local httpstream = {};
function httpstream.new(success_cb, error_cb, parser_type, options_cb)
local client = true;
if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end
- local buf = "";
+ local buf, buflen, buftable = {}, 0, true;
+ local bodylimit = tonumber(options_cb and options_cb().body_size_limit) or 10*1024*1024;
+ local buflimit = tonumber(options_cb and options_cb().buffer_size_limit) or bodylimit * 2;
local chunked, chunk_size, chunk_start;
local state = nil;
local packet;
@@ -38,6 +41,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
feed = function(_, data)
if error then return nil, "parse has failed"; end
if not data then -- EOF
+ if buftable then buf, buftable = t_concat(buf), false; end
if state and client and not len then -- reading client body until EOF
packet.body = buf;
success_cb(packet);
@@ -46,9 +50,17 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
end
return;
end
- buf = buf..data;
- while #buf > 0 do
+ if buftable then
+ t_insert(buf, data);
+ else
+ buf = { buf, data };
+ buftable = true;
+ end
+ buflen = buflen + #data;
+ if buflen > buflimit then error = true; return error_cb("max-buffer-size-exceeded"); end
+ while buflen > 0 do
if state == nil then -- read request
+ if buftable then buf, buftable = t_concat(buf), false; end
local index = buf:find("\r\n\r\n", nil, true);
if not index then return; end -- not enough data
local method, path, httpversion, status_code, reason_phrase;
@@ -79,6 +91,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
if not first_line then error = true; return error_cb("invalid-status-line"); end
chunked = have_body and headers["transfer-encoding"] == "chunked";
len = tonumber(headers["content-length"]); -- TODO check for invalid len
+ if len and len > bodylimit then error = true; return error_cb("content-length-limit-exceeded"); end
if client then
-- FIXME handle '100 Continue' response (by skipping it)
if not have_body then len = 0; end
@@ -115,11 +128,13 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
};
end
buf = buf:sub(index + 4);
+ buflen = #buf;
state = true;
end
if state then -- read body
if client then
if chunked then
+ if buftable then buf, buftable = t_concat(buf), false; end
if not buf:find("\r\n", nil, true) then
return;
end -- not enough data
@@ -132,25 +147,29 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
state, chunk_size = nil, nil;
buf = buf:gsub("^.-\r\n\r\n", ""); -- This ensure extensions and trailers are stripped
success_cb(packet);
- elseif #buf - chunk_start - 2 >= chunk_size then -- we have a chunk
+ elseif buflen - chunk_start - 2 >= chunk_size then -- we have a chunk
packet.body = packet.body..buf:sub(chunk_start, chunk_start + (chunk_size-1));
buf = buf:sub(chunk_start + chunk_size + 2);
chunk_size, chunk_start = nil, nil;
else -- Partial chunk remaining
break;
end
- elseif len and #buf >= len then
+ elseif len and buflen >= len then
+ if buftable then buf, buftable = t_concat(buf), false; end
if packet.code == 101 then
- packet.body, buf = buf, "";
+ packet.body, buf, buflen, buftable = buf, {}, 0, true;
else
packet.body, buf = buf:sub(1, len), buf:sub(len + 1);
+ buflen = #buf;
end
state = nil; success_cb(packet);
else
break;
end
- elseif #buf >= len then
+ elseif buflen >= len then
+ if buftable then buf, buftable = t_concat(buf), false; end
packet.body, buf = buf:sub(1, len), buf:sub(len + 1);
+ buflen = #buf;
state = nil; success_cb(packet);
else
break;
diff --git a/net/http/server.lua b/net/http/server.lua
index ba45ede0..93bbffb4 100644
--- a/net/http/server.lua
+++ b/net/http/server.lua
@@ -22,6 +22,7 @@ local incomplete = {};
local listener = {};
local hosts = {};
local default_host;
+local options = {};
local function is_wildcard_event(event)
return event:sub(-2, -1) == "/*";
@@ -133,7 +134,10 @@ function listener.onconnect(conn)
sessions[conn] = nil;
conn:close();
end
- sessions[conn] = parser_new(success_cb, error_cb);
+ local function options_cb()
+ return options;
+ end
+ sessions[conn] = parser_new(success_cb, error_cb, "server", options_cb);
end
function listener.ondisconnect(conn)
@@ -350,6 +354,9 @@ end
function _M.fire_event(event, ...)
return events.fire_event(event, ...);
end
+function _M.set_option(name, value)
+ options[name] = value;
+end
_M.listener = listener;
_M.codes = codes;
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 086887fb..2cde9341 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -18,6 +18,9 @@ local server = require "net.http.server";
server.set_default_host(module:get_option_string("http_default_host"));
+server.set_option("body_size_limit", module:get_option_number("http_max_content_size"));
+server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size"));
+
local function normalize_path(path)
if path:sub(-1,-1) == "/" then path = path:sub(1, -2); end
if path:sub(1,1) ~= "/" then path = "/"..path; end