Fix a bug in Mojo::Message::Request where message size limits were no…

…t always correctly applied
mojolicious · Aug 28, 2024 · ecb44cf · ecb44cf
1 parent 1c6b7f5
commit ecb44cf
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 2 deletions.
diff --git a/Changes b/Changes
@@ -1,5 +1,7 @@
 
-9.39  2024-08-18
+9.39  2024-08-28
+  - Fixed a bug in Mojo::Message::Request where message size limits were not always correctly applied.
+    (Alexander Kuehne)
 
 9.38  2024-08-17
   - Added support for new core booleans in Perl 5.36+ to Mojo::JSON. (haarg)

diff --git a/lib/Mojo/Message/Request.pm b/lib/Mojo/Message/Request.pm
@@ -116,7 +116,10 @@ sub parse {
   if (($self->{state} // '') ne 'cgi') { $self->SUPER::parse($chunk) }
 
   # Parse CGI content
-  else { $self->content($self->content->parse_body($chunk))->SUPER::parse('') }
+  else {
+    $self->{raw_size} += length $chunk unless defined $env;
+    $self->content($self->content->parse_body($chunk))->SUPER::parse('');
+  }
 
   # Check if we can fix things that require all headers
   return $self unless $self->is_finished;

diff --git a/lib/Mojolicious.pm b/lib/Mojolicious.pm
@@ -871,6 +871,8 @@ Alex Salimon
 
 Alexander Karelas
 
+Alexander Kuehne
+
 Alexey Likhatskiy
 
 Anatoly Sharifulin

diff --git a/t/mojo/request_cgi.t b/t/mojo/request_cgi.t
@@ -93,6 +93,37 @@ subtest 'Parse Apache CGI environment variables and body' => sub {
     'right absolute URL';
 };
 
+subtest 'Parse CGI environment with maximum message size' => sub {
+  my $req = Mojo::Message::Request->new;
+  $req->max_message_size(10);
+  $req->parse({
+    CONTENT_LENGTH  => 26,
+    CONTENT_TYPE    => 'application/x-www-form-urlencoded',
+    HTTP_DNT        => 1,
+    PATH_INFO       => '/test/index.cgi/foo/bar',
+    QUERY_STRING    => 'lalala=23&bar=baz',
+    REQUEST_METHOD  => 'POST',
+    SCRIPT_NAME     => '/test/index.cgi',
+    HTTP_HOST       => 'localhost:8080',
+    SERVER_PROTOCOL => 'HTTP/1.0'
+  });
+  $req->parse('abcdefghijklm');
+  $req->parse('nopqrstuvwxyz');
+  ok $req->is_finished,       'request is finished';
+  ok $req->is_limit_exceeded, 'limit exceeded';
+  is $req->method,          'POST',              'right method';
+  is $req->url->path,       'foo/bar',           'right path';
+  is $req->url->base->path, '/test/index.cgi/',  'right base path';
+  is $req->url->base->host, 'localhost',         'right base host';
+  is $req->url->base->port, 8080,                'right base port';
+  is $req->url->query,      'lalala=23&bar=baz', 'right query';
+  is $req->version,         '1.0',               'right version';
+  is $req->headers->dnt,    1,                   'right "DNT" value';
+  is $req->body,            'abcdefghijklm',     'right content';
+  is $req->url->to_abs->to_string, 'http://localhost:8080/test/index.cgi/foo/bar?lalala=23&bar=baz',
+    'right absolute URL';
+};
+
 subtest 'Parse Apache CGI environment variables and body (file storage)' => sub {
   local $ENV{MOJO_MAX_MEMORY_SIZE} = 10;
   my $req = Mojo::Message::Request->new;