diff options
| author | Adriana Kobylak <anoo@us.ibm.com> | 2019-12-05 13:57:57 -0600 |
|---|---|---|
| committer | Adriana Kobylak <anoo@linux.ibm.com> | 2019-12-19 14:30:48 +0000 |
| commit | 0e1cf26b1cd98e0ec069e6187434fcabf1e9c200 (patch) | |
| tree | e390d202eafebcfb12378a64ea9d2d870c04d454 | |
| parent | c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a (diff) | |
| download | bmcweb-0e1cf26b1cd98e0ec069e6187434fcabf1e9c200.tar.gz bmcweb-0e1cf26b1cd98e0ec069e6187434fcabf1e9c200.zip | |
Make the max http request body size configurable
OpenBMC supports "System" or "bundled" images that contain two or more
firmware images, such as BMC and Host or PSU firmware, making the
resulting image file greater than the current limit of 30MB.
Make the http request body size configurable to allow bigger files to
be uploaded.
Tested:
- Upload a regular BMC image still works.
- Uploading a 50MB firmware image that contains the host fw fails:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
curl: (52) Empty reply from server
- With the "-DBMCWEB_HTTP_REQ_BODY_LIMIT_MB=128" compile option works:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
{
"data": "19e6fe13",
"message": "200 OK",
"status": "ok"
}
Change-Id: I0b0e1032c9daf00a01e42ac5ee1c0d979f857d5e
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
| -rw-r--r-- | CMakeLists.txt | 3 | ||||
| -rw-r--r-- | config.h.in | 1 | ||||
| -rw-r--r-- | http/http_connection.h | 12 |
3 files changed, 12 insertions, 4 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 22bc6ad..cf5a93f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -119,7 +119,10 @@ option ( OFF ) +set (BMCWEB_HTTP_REQ_BODY_LIMIT_MB "30" CACHE STRING + "The max HTTP request body size in MB") +configure_file(config.h.in ${CMAKE_CURRENT_SOURCE_DIR}/include/config.h) if (BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION AND BMCWEB_INSECURE_DISABLE_SSL) message("SSL Must be enabled to allow SSL authentication") diff --git a/config.h.in b/config.h.in new file mode 100644 index 0000000..70b98c9 --- /dev/null +++ b/config.h.in @@ -0,0 +1 @@ +#cmakedefine BMCWEB_HTTP_REQ_BODY_LIMIT_MB @BMCWEB_HTTP_REQ_BODY_LIMIT_MB@ diff --git a/http/http_connection.h b/http/http_connection.h index 5a4ff57..4ef3bc6 100644 --- a/http/http_connection.h +++ b/http/http_connection.h @@ -1,4 +1,6 @@ #pragma once +#include "config.h" + #include "http_utility.hpp" #include <atomic> @@ -241,8 +243,9 @@ typename std::enable_if<(N > 0)>::type static std::atomic<int> connectionCount; #endif -// request body limit size: 30M -constexpr unsigned int httpReqBodyLimit = 1024 * 1024 * 30; +// request body limit size set by the BMCWEB_HTTP_REQ_BODY_LIMIT_MB option +constexpr unsigned int httpReqBodyLimit = + 1024 * 1024 * BMCWEB_HTTP_REQ_BODY_LIMIT_MB; template <typename Adaptor, typename Handler, typename... Middlewares> class Connection : public std::enable_shared_from_this< @@ -260,8 +263,9 @@ class Connection : public std::enable_shared_from_this< timerQueue(timerQueueIn) { parser.emplace(std::piecewise_construct, std::make_tuple()); - // Temporarily changed to 30MB; Need to modify uploading/authentication - // mechanism + // Temporarily set by the BMCWEB_HTTP_REQ_BODY_LIMIT_MB variable; Need + // to modify uploading/authentication mechanism to a better method that + // disallows a DOS attack based on a large file size. parser->body_limit(httpReqBodyLimit); req.emplace(parser->get()); |
