authorchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2008-07-08 19:36:23 +0000
committerchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2008-07-08 19:36:23 +0000
commitb9d31615182994d1ad9d883c6c364979ac0aa040 (patch)
treef5c4d2c7a3680fc17bc4e6bb3dcee33ed41e54ba /ledgersmb.conf.default
parent8176af5e128b19af81d509450027e59471a54559 (diff)
CONTENT_LENGTH is a user-supplied variable. Without any checks for size, one could easily DoS the machine with very large POSTs.
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@2196 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'ledgersmb.conf.default')
-rw-r--r--ledgersmb.conf.default3
1 files changed, 3 insertions, 0 deletions
diff --git a/ledgersmb.conf.default b/ledgersmb.conf.default
index 4fd3d54c..0090042e 100644
--- a/ledgersmb.conf.default
+++ b/ledgersmb.conf.default
@@ -10,6 +10,9 @@ latex : 1
# Maximum number of invoices that can be printed on a cheque
check_max_invoices : 5
+# Maximum POST size to prevent DoS (4MB default)
+max_form_size : 4194304
+
[environment]
# If the server can't find applications, append to the path
PATH: /usr/local/pgsql/bin
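Review bot: The comment on the new `max_form_size` key gives neither the unit nor what an absent or zero value means, so an administrator cannot tell whether the number is in bytes or whether deleting the key turns the limit off. I would word it as `# Maximum accepted POST body size in bytes (default 4194304 = 4 MB)` and add a second comment line stating the fallback once it is confirmed. The code that reads this key is outside this diff, so it is worth checking that it compares CONTENT_LENGTH with the limit before reading any of the body, rejects non-numeric or negative values, and uses a finite default when the key is missing. The application-level check presumably runs only after the request has reached the CGI process, so a matching request-body limit at the web server is still advisable.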