[Bug 69546] New: Upload file size limit bypass via Partial PUT when LimitRequestBody is set

bugzilla Wed, 22 Jan 2025 19:05:24 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=69546


            Bug ID: 69546
           Summary: Upload file size limit bypass via Partial PUT when
                    LimitRequestBody is set
           Product: Apache httpd-2
           Version: 2.4.62
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_dav
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Created attachment 39975
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=39975&action=edit
Upload file size limitation bypass via Partial PUT

Steps:
1. Dav On, LimitRequestBody 1048576
2. Try to upload a 1GB file.
curl -i http://localhost/uploads/file-toooooo-large.dat -X PUT -H
"Content-Range: bytes 1073741823-1073741823/1073741824" -d A
3. HTTP/1.1 201 Created

Expectation:
sc 413 expected. Enforce limitation on upload file size ("LimitRequestBody") to
those PUTs with Content-Range header.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 69546] New: Upload file size limit bypass via Partial PUT when LimitRequestBody is set

Reply via email to