[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] unable to respond before reading entire incoming pay

From: Christian Grothoff
Subject: Re: [libmicrohttpd] unable to respond before reading entire incoming payload
Date: Tue, 13 Dec 2016 07:26:48 +0100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 12/12/2016 08:39 PM, Evgeny Grin wrote:
> Hi,
>> I am provoking a request for 'Payload too large' for our MHD server, by
>> using curl sending a short request (~25 bytes) but adding a Content-Len
>> header of a lot more (2 megabytes).
> To clarify: you are not providing some large request body, you are just
> added Content-Length header?
>> In our case the maximum payload we accept is a megabyte.
>> So, in the mhd callback routines we detect the  Content-Len header (and
>> probably read the 25 bytes of payload as well, haven't checked) and when
>> we see that the Content-Len header value is beyond our allowed max size,
>> we want to return a response with a payload telling the user about the
>> error.
>> We've tried to set the upload_data_size pointer to point to ZERO,
>> awaiting the last call to the callback, but it never comes.
>> Probably due to that MHD still believes there is more data to read.
>> Using MHD_OPTION_CONNECTION_TIMEOUT, at least the connection resets
>> instead of hangs, but ... we'd like to send that response ...
>> Is there any way to accomplish what we want?
> If request has header that indicated 2megs size of request body, MHD
> will read whole request before sending response. So if request has only
> header indicating that body is 2MB, but body is absent or smaller - MHD
> will wait for for whole 2MB (indefinitely or until timeout).
> If you request is real 2MB size and you don't want to process it, you
> can read whole 2MB, but ignore it and send response with error.
> Alternatively - you can abort connection, but if client is web-browser,
> it will repeat sending request.

Actually, I think this is a "100 continue"-question.  *IF* the client is
using the "Expect" header to indicate that it is waiting for the
100-Continue response (which it should for HTTP/1.1), THEN you can avoid
receiving the 2 MB upload by immediately (upon the first time you get
the main callback) queueing a response.  So you do not wait until you
get _any_ upload data. That's really why MHD calls the callback 2+x
times for POST: 1x to give you a chance to reject, x-times to process
upload data, and finally to give you a chance to reply.  So if on the
very first callback (when all you have is the headers) you find that the
client supports/requires 100-continue (or an error), then DO reply
immediately with your error code and a (compliant) client will not even
attempt the upload.

Happy hacking!


Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]