re: bin/56085: One can kind of run away with memory as bozodgetln grows a buffer to infinity

[matthew green <mrg%eterna.com.au@localhost>]

> >Description:
> bozodgetln grows a buffer to infinity. 

indeed it does.  thanks for the report.

> This appears to be limited by httpd->header_timeout (off by default).

this should be 10 seconds:

#define HEADER_WAIT_TIME        "10"    /* need more headers every 10 seconds */

        if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))

and then

        if ((cp = bozo_get_pref(prefs, "header timeout")) != NULL) {
		httpd->header_timeout = atoi(cp);

so if you're not seeing timeouts either from the initial connection
(should be 30s) or any time after this for headers at 10s, there is
something happening i'm not seeing here.  eg, if i connect and do
nothing, timeout after 30s, if i connect and only give it a non 0.9
request, so it is waiting for headers, disconnect 10s later.

> Patch below - minimally tested against running the daemon out of inetd.  Also, users should impose a header timeout.

i'm re-using the existing value for BOZO_HEADERS_MAX_SIZE for
the request as well, rather than adding another value.  it
has a default of 16KB.

i don't understand the first chunk here:

> Index: bozohttpd.c
> ===================================================================
> RCS file: /cvsroot/src/libexec/httpd/bozohttpd.c,v
> retrieving revision 1.128
> diff -r1.128 bozohttpd.c
> 859a860,864
> > 	if (!str) {
> > 		bozo_http_error(httpd, 400, request, "bad headers");
> > 		goto cleanup;
> > 	}
> > 

what is this trying to fix?  it's not invalid for there to be
nothing left here is it?

thanks.


.mrg.

ps: please use 'diff -pu' (or at least 'diff -pc').