From 28841bfc3dee3c80cc8feb3fe89e1f5803fddfc3 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Tue, 5 Jul 2016 16:34:04 -0400
Subject: [PATCH] [core] fix server.max-request-size to be precise (fixes
 #2131)

(previously would allow up to 1k data above configured limit)

x-ref:
  "max-request-size comparing mistake"
  https://redmine.lighttpd.net/issues/2131
---
 src/request.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/request.c b/src/request.c
index 50898602..72be9c44 100644
--- a/src/request.c
+++ b/src/request.c
@@ -1277,9 +1277,9 @@ int http_request_parse(server *srv, connection *con) {
 			return 0;
 		}
 
-		/* divide by 1024 as srvconf.max_request_size is in kBytes */
+		/* srvconf.max_request_size is in kBytes */
 		if (srv->srvconf.max_request_size != 0 &&
-		    (con->request.content_length >> 10) > srv->srvconf.max_request_size) {
+		    (off_t)con->request.content_length > ((off_t)srv->srvconf.max_request_size << 10)) {
 			/* the request body itself is larger then
 			 * our our max_request_size
 			 */
-- 
2.11.4.GIT