diff options
| author | Adriana Kobylak <anoo@us.ibm.com> | 2019-12-05 13:57:57 -0600 |
|---|---|---|
| committer | Adriana Kobylak <anoo@linux.ibm.com> | 2019-12-19 14:30:48 +0000 |
| commit | 0e1cf26b1cd98e0ec069e6187434fcabf1e9c200 (patch) | |
| tree | e390d202eafebcfb12378a64ea9d2d870c04d454 /http | |
| parent | c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a (diff) | |
| download | bmcweb-0e1cf26b1cd98e0ec069e6187434fcabf1e9c200.tar.gz bmcweb-0e1cf26b1cd98e0ec069e6187434fcabf1e9c200.zip | |
Make the max http request body size configurable
OpenBMC supports "System" or "bundled" images that contain two or more
firmware images, such as BMC and Host or PSU firmware, making the
resulting image file greater than the current limit of 30MB.
Make the http request body size configurable to allow bigger files to
be uploaded.
Tested:
- Upload a regular BMC image still works.
- Uploading a 50MB firmware image that contains the host fw fails:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
curl: (52) Empty reply from server
- With the "-DBMCWEB_HTTP_REQ_BODY_LIMIT_MB=128" compile option works:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
{
"data": "19e6fe13",
"message": "200 OK",
"status": "ok"
}
Change-Id: I0b0e1032c9daf00a01e42ac5ee1c0d979f857d5e
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
Diffstat (limited to 'http')
| -rw-r--r-- | http/http_connection.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/http/http_connection.h b/http/http_connection.h index 5a4ff57..4ef3bc6 100644 --- a/http/http_connection.h +++ b/http/http_connection.h @@ -1,4 +1,6 @@ #pragma once +#include "config.h" + #include "http_utility.hpp" #include <atomic> @@ -241,8 +243,9 @@ typename std::enable_if<(N > 0)>::type static std::atomic<int> connectionCount; #endif -// request body limit size: 30M -constexpr unsigned int httpReqBodyLimit = 1024 * 1024 * 30; +// request body limit size set by the BMCWEB_HTTP_REQ_BODY_LIMIT_MB option +constexpr unsigned int httpReqBodyLimit = + 1024 * 1024 * BMCWEB_HTTP_REQ_BODY_LIMIT_MB; template <typename Adaptor, typename Handler, typename... Middlewares> class Connection : public std::enable_shared_from_this< @@ -260,8 +263,9 @@ class Connection : public std::enable_shared_from_this< timerQueue(timerQueueIn) { parser.emplace(std::piecewise_construct, std::make_tuple()); - // Temporarily changed to 30MB; Need to modify uploading/authentication - // mechanism + // Temporarily set by the BMCWEB_HTTP_REQ_BODY_LIMIT_MB variable; Need + // to modify uploading/authentication mechanism to a better method that + // disallows a DOS attack based on a large file size. parser->body_limit(httpReqBodyLimit); req.emplace(parser->get()); |
