[squid-dev] [PATCH] Incorrect processing of long URIs

Eduard Bagdasaryan eduard.bagdasaryan at measurement-factory.com
Mon Aug 22 22:24:49 UTC 2016


Hello,

This patch makes Squid respond with 414 (URI Too Long) when request
target exceeds limits.

Before the fix, Squid simply closed client connection after receiving a
huge URI (or a huge request-line), violating the RFC 7230 MUST. This
happened because a high-level Must(have buffer space) check in
ConnStateData::clientParseRequests() would throw an exception. Now these
problems are detected inside the low-level RequestParser code, where we
can distinguish huge URIs from huge methods.

Regards,
Eduard.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-169-incorrect-processing-of-long-uris-t3.patch
Type: text/x-patch
Size: 8495 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160823/aec867f4/attachment.bin>


More information about the squid-dev mailing list