From ce259c4061905bf834f9af51c92456cfe8335ddc Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 1 Jun 2022 12:31:48 +0000
Subject: [PATCH] Merge r1901497 from trunk:

use a liberal default limit for LimitRequestBody of 1GB


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1901499 13f79535-47bb-0310-9956-ffa450edef68
Origin: https://github.com/apache/httpd/commit/ce259c4061905bf834f9af51c92456cfe8335ddc
---
 modules/http/http_filters.c    |    6 ++++++
 modules/proxy/mod_proxy_http.c |   14 --------------
 server/core.c                  |    2 +-
 3 files changed, 7 insertions(+), 15 deletions(-)

--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1657,6 +1657,7 @@
 {
     const char *tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
     const char *lenp = apr_table_get(r->headers_in, "Content-Length");
+    apr_off_t limit_req_body = ap_get_limit_req_body(r);
 
     r->read_body = read_policy;
     r->read_chunked = 0;
@@ -1695,6 +1696,11 @@
         return HTTP_REQUEST_ENTITY_TOO_LARGE;
     }
 
+    if (limit_req_body > 0 && (r->remaining > limit_req_body)) {
+        /* will be logged when the body is discarded */
+        return HTTP_REQUEST_ENTITY_TOO_LARGE;
+    }
+
 #ifdef AP_DEBUG
     {
         /* Make sure ap_getline() didn't leave any droppings. */
--- a/server/core.c
+++ b/server/core.c
@@ -61,7 +61,7 @@
 
 /* LimitRequestBody handling */
 #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
-#define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+#define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 1<<30) /* 1GB */
 
 /* LimitXMLRequestBody handling */
 #define AP_LIMIT_UNSET                  ((long) -1)
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -512,12 +512,9 @@
     apr_bucket *e;
     apr_off_t bytes, bytes_spooled = 0, fsize = 0;
     apr_file_t *tmpfile = NULL;
-    apr_off_t limit;
 
     body_brigade = apr_brigade_create(p, bucket_alloc);
 
-    limit = ap_get_limit_req_body(r);
-
     while (!APR_BUCKET_IS_EOS(APR_BRIGADE_FIRST(input_brigade)))
     {
         /* If this brigade contains EOS, either stop or remove it. */
@@ -532,17 +529,6 @@
         apr_brigade_length(input_brigade, 1, &bytes);
 
         if (bytes_spooled + bytes > MAX_MEM_SPOOL) {
-            /*
-             * LimitRequestBody does not affect Proxy requests (Should it?).
-             * Let it take effect if we decide to store the body in a
-             * temporary file on disk.
-             */
-            if (limit && (bytes_spooled + bytes > limit)) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01088)
-                              "Request body is larger than the configured "
-                              "limit of %" APR_OFF_T_FMT, limit);
-                return HTTP_REQUEST_ENTITY_TOO_LARGE;
-            }
             /* can't spool any more in memory; write latest brigade to disk */
             if (tmpfile == NULL) {
                 const char *temp_dir;