Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 0e1cf26b1cd98e0ec069e6187434fcabf1e9c200^! / .
commit0e1cf26b1cd98e0ec069e6187434fcabf1e9c200[log] [tgz]
authorAdriana Kobylak <anoo@us.ibm.com>Thu Dec 05 13:57:57 2019 -0600
committerAdriana Kobylak <anoo@linux.ibm.com>Thu Dec 19 14:30:48 2019 +0000
treee390d202eafebcfb12378a64ea9d2d870c04d454
parentc00500bcb9c5145f5cacb78bbe3dd694fb85ba0a [diff]
Make the max http request body size configurable

OpenBMC supports "System" or "bundled" images that contain two or more
firmware images, such as BMC and Host or PSU firmware, making the
resulting image file greater than the current limit of 30MB.

Make the http request body size configurable to allow bigger files to
be uploaded.

Tested:
- Upload a regular BMC image still works.
- Uploading a 50MB firmware image that contains the host fw fails:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
curl: (52) Empty reply from server

- With the "-DBMCWEB_HTTP_REQ_BODY_LIMIT_MB=128" compile option works:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
{
  "data": "19e6fe13",
  "message": "200 OK",
  "status": "ok"
}

Change-Id: I0b0e1032c9daf00a01e42ac5ee1c0d979f857d5e
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 22bc6ad..cf5a93f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt

@@ -119,7 +119,10 @@
     OFF
 )
 
+set (BMCWEB_HTTP_REQ_BODY_LIMIT_MB "30" CACHE STRING
+     "The max HTTP request body size in MB")
 
+configure_file(config.h.in ${CMAKE_CURRENT_SOURCE_DIR}/include/config.h)
 
 if (BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION AND BMCWEB_INSECURE_DISABLE_SSL)
     message("SSL Must be enabled to allow SSL authentication")

diff --git a/config.h.in b/config.h.in
new file mode 100644
index 0000000..70b98c9
--- /dev/null
+++ b/config.h.in

@@ -0,0 +1 @@
+#cmakedefine BMCWEB_HTTP_REQ_BODY_LIMIT_MB @BMCWEB_HTTP_REQ_BODY_LIMIT_MB@

diff --git a/http/http_connection.h b/http/http_connection.h
index 5a4ff57..4ef3bc6 100644
--- a/http/http_connection.h
+++ b/http/http_connection.h

@@ -1,4 +1,6 @@
 #pragma once
+#include "config.h"
+
 #include "http_utility.hpp"
 
 #include <atomic>
@@ -241,8 +243,9 @@
 static std::atomic<int> connectionCount;
 #endif
 
-// request body limit size: 30M
-constexpr unsigned int httpReqBodyLimit = 1024 * 1024 * 30;
+// request body limit size set by the BMCWEB_HTTP_REQ_BODY_LIMIT_MB option
+constexpr unsigned int httpReqBodyLimit =
+    1024 * 1024 * BMCWEB_HTTP_REQ_BODY_LIMIT_MB;
 
 template <typename Adaptor, typename Handler, typename... Middlewares>
 class Connection : public std::enable_shared_from_this<
@@ -260,8 +263,9 @@
         timerQueue(timerQueueIn)
     {
         parser.emplace(std::piecewise_construct, std::make_tuple());
-        // Temporarily changed to 30MB; Need to modify uploading/authentication
-        // mechanism
+        // Temporarily set by the BMCWEB_HTTP_REQ_BODY_LIMIT_MB variable; Need
+        // to modify uploading/authentication mechanism to a better method that
+        // disallows a DOS attack based on a large file size.
         parser->body_limit(httpReqBodyLimit);
         req.emplace(parser->get());