author | David Crocker <dcrocker@eschertech.com> | 2020-06-11 17:08:29 +0300 |
---|---|---|
committer | David Crocker <dcrocker@eschertech.com> | 2020-06-11 17:08:29 +0300 |
commit | efec21ccdd815019d6f271976d17edfe1323752a (patch) | |
tree | ba41a0e8391db75b189dc416e5f29d1d71a0fd4b | |
parent | 493f501932e4280545a8b0cf5543d16822827aa8 (diff) |
Fix for "Filename too long" message when HTTP OCSP request received
-rw-r--r-- | src/Configuration.h | 8 | ||||
-rw-r--r-- | src/Networking/HttpResponder.cpp | 58 |
2 files changed, 39 insertions, 27 deletions
diff --git a/src/Configuration.h b/src/Configuration.h index 4c2aa8a8..9bc3a6a9 100644 --- a/src/Configuration.h +++ b/src/Configuration.h @@ -356,6 +356,14 @@ constexpr size_t FILE_BUFFER_SIZE = 128; #define SCANS_DIRECTORY "0:/scans/" // Directory for uploaded 3D scans #define FILAMENTS_DIRECTORY "0:/filaments/" // Directory for filament configurations #define MENU_DIR "0:/menu/" // Directory for menu files + +// MaxExpectedWebDirFilenameLength is the maximum length of a filename that we can accept in a HTTP request without rejecting it out of hand +// It must be at least as long as any web file request from DWC, which is the file path excluding the initial "0:/www" and the trailing ".gz, possibly with "/" prepended. +// As at 2020-05-02 the longest filename requested by DWC is "/fonts/materialdesignicons-webfont.3e2c1c79.eot" which is 48 characters long +// It must be small enough that a filename within this length doesn't cause an overflow in MassStorage::CombineName. This is checked by the static_assert below. +constexpr size_t MaxExpectedWebDirFilenameLength = MaxFilenameLength - 20; +static_assert(MaxExpectedWebDirFilenameLength + strlen(WEB_DIR) + strlen(".gz") <= MaxFilenameLength); + #define UPLOAD_EXTENSION ".part" // Extension to a filename for a file being uploaded #define CONFIG_FILE "config.g" diff --git a/src/Networking/HttpResponder.cpp b/src/Networking/HttpResponder.cpp index 21dba593..a7b2da23 100644 --- a/src/Networking/HttpResponder.cpp +++ b/src/Networking/HttpResponder.cpp 
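Review bot: The `static_assert` added under `MaxExpectedWebDirFilenameLength` calls `strlen` inside a constant expression, which standard C++ does not guarantee; it compiles only where the compiler folds `strlen` of a literal as a builtin. Assuming WEB_DIR is a string-literal macro like the directory defines in the context lines, `static_assert(MaxExpectedWebDirFilenameLength + (sizeof(WEB_DIR) - 1) + (sizeof(".gz") - 1) <= MaxFilenameLength, "web filename limit must fit in MaxFilenameLength");` gives the same check portably. This bound is what keeps a request-supplied name from overflowing in MassStorage::CombineName, so confirm that the sum also leaves room for any path separator and terminator that function adds; neither WEB_DIR nor CombineName is visible in this hunk. In the new comment, `".gz,` is missing its closing quote.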
@@ -731,40 +731,44 @@ void HttpResponder::SendFile(const char* nameOfFileToSend, bool isWebFile) nameOfFileToSend = INDEX_PAGE_FILE; } - for (;;) + // OCSP requests can be very log and are generated by Kapersky AV. Reject them immediately to avoid "Filename too long" messages. + if (strlen(nameOfFileToSend) <= MaxExpectedWebDirFilenameLength) { - // Try to open a gzipped version of the file first - if (!StringEndsWithIgnoreCase(nameOfFileToSend, ".gz") && strlen(nameOfFileToSend) + 3 <= MaxFilenameLength) + for (;;) { - String<MaxFilenameLength> nameBuf; - nameBuf.copy(nameOfFileToSend); - nameBuf.cat(".gz"); - fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameBuf.c_str(), OpenMode::read); + // Try to open a gzipped version of the file first + if (!StringEndsWithIgnoreCase(nameOfFileToSend, ".gz") && strlen(nameOfFileToSend) + 3 <= MaxFilenameLength) + { + String<MaxFilenameLength> nameBuf; + nameBuf.copy(nameOfFileToSend); + nameBuf.cat(".gz"); + fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameBuf.c_str(), OpenMode::read); + if (fileToSend != nullptr) + { + zip = true; + break; + } + } + + // That failed, so try to open the normal version of the file + fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameOfFileToSend, OpenMode::read); if (fileToSend != nullptr) { - zip = true; break; } - } - // That failed, so try to open the normal version of the file - fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameOfFileToSend, OpenMode::read); - if (fileToSend != nullptr) - { - break; - } - - if (StringEqualsIgnoreCase(nameOfFileToSend, INDEX_PAGE_FILE)) - { - nameOfFileToSend = OLD_INDEX_PAGE_FILE; // the index file wasn't found, so try the old one - } - else if (!strchr(nameOfFileToSend, '.')) // if we were asked to return a file without a '.' 
in the name, return the index page - { - nameOfFileToSend = INDEX_PAGE_FILE; - } - else - { - break; + if (StringEqualsIgnoreCase(nameOfFileToSend, INDEX_PAGE_FILE)) + { + nameOfFileToSend = OLD_INDEX_PAGE_FILE; // the index file wasn't found, so try the old one + } + else if (!strchr(nameOfFileToSend, '.')) // if we were asked to return a file without a '.' in the name, return the index page + { + nameOfFileToSend = INDEX_PAGE_FILE; + } + else + { + break; + } } } |
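Review bot: When the new `strlen(nameOfFileToSend) <= MaxExpectedWebDirFilenameLength` test fails, the whole open loop is skipped, so the code after it relies on `fileToSend` and `zip` already holding their not-found values. Both are declared above the hunk in SendFile, so confirm they are initialised there before this path can be taken. A short comment on the skipped case, for example `// over-long name: fileToSend stays null so the normal not-found response is sent`, would make the intended outcome explicit, if that is indeed what the code after the hunk does. The added comment has two typos and should read `// OCSP requests can be very long and are generated by Kaspersky AV.` For names that passed the outer test, the inner `strlen(nameOfFileToSend) + 3 <= MaxFilenameLength` check is now always true, though it is harmless to keep as a second bound.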