Fix: handle max_request_size<=0 (#10072)

* Fix: handle max_request_size<=0 Signed-off-by: guacamole <gunjanwalecha@gmail.com> * created test cases for listener Signed-off-by: guacamole <gunjanwalecha@gmail.com> * added test case for negative value of MaxRequestSize Signed-off-by: guacamole <gunjanwalecha@gmail.com> Co-authored-by: Hridoy Roy <roy@hashicorp.com>

Fix: handle max_request_size<=0 (#10072)
* Fix: handle max_request_size<=0 Signed-off-by: guacamole <gunjanwalecha@gmail.com> * created test cases for listener Signed-off-by: guacamole <gunjanwalecha@gmail.com> * added test case for negative value of MaxRequestSize Signed-off-by: guacamole <gunjanwalecha@gmail.com> Co-authored-by: Hridoy Roy <roy@hashicorp.com>
86b29bed · Gunjan · GitHub · 849bf65f · 86b29bed · 86b29bed
Unverified Commit 86b29bed authored 4 years ago by Gunjan Committed by GitHub 4 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 32 additions and 10 deletions
+32 -10
--- a/http/handler.go
+++ b/http/handler.go
@@ -288,6 +288,7 @@ func wrapGenericHandler(core *vault.Core, h http.Handler, props *vault.HandlerPr
 		} else {
 			ctx, cancelFunc = context.WithTimeout(ctx, maxRequestDuration)
 		}
+		// if maxRequestSize < 0, no need to set context value
 		// Add a size limiter if desired
 		if maxRequestSize > 0 {
 			ctx = context.WithValue(ctx, "max_request_size", maxRequestSize)

--- a/http/logical_test.go
+++ b/http/logical_test.go
@@ -4,6 +4,12 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"github.com/hashicorp/vault/internalshared/configutil"
+	"github.com/hashicorp/vault/sdk/helper/consts"
+	"github.com/hashicorp/vault/sdk/helper/logging"
+	"github.com/hashicorp/vault/sdk/logical"
+	"github.com/hashicorp/vault/sdk/physical"
+	"github.com/hashicorp/vault/sdk/physical/inmem"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -19,11 +25,6 @@ import (

 	"github.com/hashicorp/vault/audit"
 	"github.com/hashicorp/vault/helper/namespace"
-	"github.com/hashicorp/vault/sdk/helper/consts"
-	"github.com/hashicorp/vault/sdk/helper/logging"
-	"github.com/hashicorp/vault/sdk/logical"
-	"github.com/hashicorp/vault/sdk/physical"
-	"github.com/hashicorp/vault/sdk/physical/inmem"
 	"github.com/hashicorp/vault/vault"
 )

@@ -273,8 +274,32 @@ func TestLogical_RequestSizeLimit(t *testing.T) {
 	resp := testHttpPut(t, token, addr+"/v1/secret/foo", map[string]interface{}{
 		"data": make([]byte, DefaultMaxRequestSize),
 	})
-	testResponseStatus(t, resp, 413)
+	testResponseStatus(t, resp, http.StatusRequestEntityTooLarge)
 }
+func TestLogical_RequestSizeDisableLimit(t *testing.T) {
+	core, _, token := vault.TestCoreUnsealed(t)
+	ln, addr := TestListener(t)
+	props := &vault.HandlerProperties{
+		Core: core,
+		ListenerConfig: &configutil.Listener{
+			MaxRequestSize: -1,
+			Address: "127.0.0.1",
+			TLSDisable: true,
+		},
+	}
+	TestServerWithListenerAndProperties(t, ln, addr, core, props)
+
+	defer ln.Close()
+	TestServerAuth(t, addr, token)
+
+	// Write a very large object, should pass as MaxRequestSize set to -1/Negative value
+
+	resp := testHttpPut(t, token, addr+"/v1/secret/foo", map[string]interface{}{
+		"data": make([]byte, DefaultMaxRequestSize),
+	})
+	testResponseStatus(t, resp,http.StatusNoContent)
+}
+

 func TestLogical_ListSuffix(t *testing.T) {
 	core, _, rootToken := vault.TestCoreUnsealed(t)

--- a/internalshared/configutil/listener.go
+++ b/internalshared/configutil/listener.go
@@ -147,10 +147,6 @@ func ParseListeners(result *SharedConfig, list *ast.ObjectList) error {
 					return multierror.Prefix(fmt.Errorf("error parsing max_request_size: %w", err), fmt.Sprintf("listeners.%d", i))
 				}

-				if l.MaxRequestSize < 0 {
-					return multierror.Prefix(errors.New("max_request_size cannot be negative"), fmt.Sprintf("listeners.%d", i))
-				}
-
 				l.MaxRequestSizeRaw = nil
 			}