From 2a285ff7d3ee5bbf02cff963f697230fa152e05d Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Wed, 15 Jan 2020 19:05:01 +0100 Subject: [PATCH] Allocate only the required memory on POST instead of max. Increased max a bit. --- include/ntop_defines.h | 2 +- src/LuaEngine.cpp | 11 ++++++++--- third-party/mongoose/mongoose.c | 4 ++++ third-party/mongoose/mongoose.h | 2 ++ 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/include/ntop_defines.h b/include/ntop_defines.h index 44953e59f2..f934b9d137 100644 --- a/include/ntop_defines.h +++ b/include/ntop_defines.h @@ -975,7 +975,7 @@ #define HTTP_MAX_CONTENT_TYPE_LENGTH 63 #define HTTP_MAX_HEADER_LINES 20 -#define HTTP_MAX_POST_DATA_LEN 8192 +#define HTTP_MAX_POST_DATA_LEN 65536 #define HTTP_CONTENT_TYPE_HEADER "Content-Type: " #define CONST_HELLO_HOST "hello" diff --git a/src/LuaEngine.cpp b/src/LuaEngine.cpp index e22a575c23..5674d79234 100644 --- a/src/LuaEngine.cpp +++ b/src/LuaEngine.cpp @@ -12213,11 +12213,16 @@ int LuaEngine::handle_script_request(struct mg_connection *conn, /* Check for POST requests */ if((strcmp(request_info->request_method, "POST") == 0) && (content_type != NULL)) { - if((post_data = (char*)malloc(HTTP_MAX_POST_DATA_LEN * sizeof(char))) == NULL - || (post_data_len = mg_read(conn, post_data, HTTP_MAX_POST_DATA_LEN)) == 0) { + int content_len = mg_get_content_len(conn)+1; + + if (content_len > HTTP_MAX_POST_DATA_LEN) + content_len = HTTP_MAX_POST_DATA_LEN; + + if((post_data = (char*)malloc(content_len * sizeof(char))) == NULL + || (post_data_len = mg_read(conn, post_data, content_len)) == 0) { valid_csrf = 0; - } else if(post_data_len > HTTP_MAX_POST_DATA_LEN - 1) { + } else if(post_data_len > content_len - 1) { ntop->getTrace()->traceEvent(TRACE_WARNING, "Too much data submitted with the form. [post_data_len: %u]", post_data_len); diff --git a/third-party/mongoose/mongoose.c b/third-party/mongoose/mongoose.c index 19c1ea2714..711dc2b65d 100644 --- a/third-party/mongoose/mongoose.c +++ b/third-party/mongoose/mongoose.c @@ -1608,6 +1608,10 @@ static int pull(FILE *fp, struct mg_connection *conn, char *buf, int len) { return conn->ctx->stop_flag ? -1 : nread; } +int64_t mg_get_content_len(struct mg_connection *conn) { + return conn->content_len; +} + int mg_read(struct mg_connection *conn, void *buf, size_t len) { int n, buffered_len, nread; const char *body; diff --git a/third-party/mongoose/mongoose.h b/third-party/mongoose/mongoose.h index eaba3518f0..2414a6f43f 100644 --- a/third-party/mongoose/mongoose.h +++ b/third-party/mongoose/mongoose.h @@ -202,6 +202,8 @@ int mg_printf(struct mg_connection *, // Send contents of the entire file together with HTTP headers. void mg_send_file(struct mg_connection *conn, const char *path); +// Get the length of the data from the remote end +int64_t mg_get_content_len(struct mg_connection *conn); // Read data from the remote end, return number of bytes read. int mg_read(struct mg_connection *, void *buf, size_t len);