httpd-cvs mailing list archives

From jerenkra...@apache.org
Subject cvs commit: httpd-2.0/modules/http http_protocol.c
Date Mon, 17 Jun 2002 22:46:30 GMT
jerenkrantz    2002/06/17 15:46:30

  Modified:    modules/http http_protocol.c
  Log:
  Do not use atol() for the Content-Length parsing as its handling of error
  cases is undetermined by the ANSI C standard.
  
  Instead, use strtol() with a check for the ERANGE error condition.
  
  Revision  Changes    Path
  1.438     +37 -5     httpd-2.0/modules/http/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
  retrieving revision 1.437
  retrieving revision 1.438
  diff -u -r1.437 -r1.438
  --- http_protocol.c	17 Jun 2002 05:09:45 -0000	1.437
  +++ http_protocol.c	17 Jun 2002 22:46:30 -0000	1.438
  @@ -794,14 +794,37 @@
           }
           else if (lenp) {
               const char *pos = lenp;
  +            int conversion_error = 0;
   
  +            /* This ensures that the number can not be negative. */
               while (apr_isdigit(*pos) || apr_isspace(*pos)) {
                   ++pos;
               }
   
               if (*pos == '\0') {
  +                char *endstr;
                   ctx->state = BODY_LENGTH;
  -                ctx->remaining = atol(lenp);
  +                ctx->remaining = strtol(lenp, &endstr, 10);
  +
  +                if (errno == ERANGE) {
  +                    conversion_error = 1; 
  +                }
  +            }
  +
  +            if (*pos != '\0' || conversion_error) {
  +                apr_bucket_brigade *bb;
  +
  +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
  +                              "Invalid Content-Length");
  +
  +                bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
  +                e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
  +                                           f->r->pool, f->c->bucket_alloc);
  +                APR_BRIGADE_INSERT_TAIL(bb, e);
  +                e = apr_bucket_eos_create(f->c->bucket_alloc);
  +                APR_BRIGADE_INSERT_TAIL(bb, e);
  +                ctx->eos_sent = 1;
  +                return ap_pass_brigade(f->r->output_filters, bb);
               }
               
               /* If we have a limit in effect and we know the C-L ahead of
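Review bot: `errno` is never cleared before the new `strtol()` call, so the `errno == ERANGE` test can pick up a value left behind by an earlier library call; a successful conversion does not reset it. Set `errno = 0;` on the line before `ctx->remaining = strtol(lenp, &endstr, 10);` so the check reflects this conversion only. The second hunk has the same pattern at `r->remaining = strtol(lenp, &endstr, 10);`. The enclosing function starts and ends outside this hunk.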
  @@ -1683,17 +1706,26 @@
       }
       else if (lenp) {
           const char *pos = lenp;
  +        int conversion_error = 0;
   
           while (apr_isdigit(*pos) || apr_isspace(*pos)) {
               ++pos;
           }
  -        if (*pos != '\0') {
  +
  +        if (*pos == '\0') {
  +            char *endstr;
  +            r->remaining = strtol(lenp, &endstr, 10);
  +
  +            if (errno == ERANGE || errno == EINVAL) {
  +                conversion_error = 1; 
  +            }
  +        }
  +
  +        if (*pos != '\0' || conversion_error) {
               ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -                          "Invalid Content-Length %s", lenp);
  +                          "Invalid Content-Length");
               return HTTP_BAD_REQUEST;
           }
  -
  -        r->remaining = atol(lenp);
       }
   
       if ((r->read_body == REQUEST_NO_BODY)
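Review bot: `endstr` is filled in but never read, and the `errno == EINVAL` test is not a portable way to detect that no digits were converted, since the C standard does not require `strtol()` to set it. Because the scan loop above accepts digits and whitespace in any order, a whitespace-only value or one with whitespace between digit groups passes the scan and is stored as whatever prefix `strtol()` consumed. That stored length can differ from the one another HTTP parser on the path derives from the same header. Consider `if (endstr == lenp) conversion_error = 1;` plus a check that only whitespace follows `endstr`. The first hunk also declares `endstr` without reading it, and the enclosing function extends beyond this hunk.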
  
  
  
