httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jwool...@apache.org
Subject cvs commit: httpd-2.0/modules/http http_protocol.c
Date Tue, 18 Jun 2002 01:30:35 GMT
jwoolley    2002/06/17 18:30:35

  Modified:    modules/http Tag: APACHE_2_0_39_BRANCH http_protocol.c
  Log:
  alright, so I messed up the last branch attempt.  :(  anyway, let's try
  that again, this time with rev's 1.438 and 1.439 from the main branch.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.436.6.1 +41 -5     httpd-2.0/modules/http/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
  retrieving revision 1.436
  retrieving revision 1.436.6.1
  diff -u -d -u -r1.436 -r1.436.6.1
  --- http_protocol.c	13 Jun 2002 20:30:09 -0000	1.436
  +++ http_protocol.c	18 Jun 2002 01:30:34 -0000	1.436.6.1
  @@ -794,14 +794,39 @@
           }
           else if (lenp) {
               const char *pos = lenp;
  +            int conversion_error = 0;
   
  +            /* This ensures that the number can not be negative. */
               while (apr_isdigit(*pos) || apr_isspace(*pos)) {
                   ++pos;
               }
   
               if (*pos == '\0') {
  +                char *endstr;
  +
  +                errno = 0;
                   ctx->state = BODY_LENGTH;
  -                ctx->remaining = atol(lenp);
  +                ctx->remaining = strtol(lenp, &endstr, 10);
  +
  +                if (errno || (endstr && *endstr)) {
  +                    conversion_error = 1; 
  +                }
  +            }
  +
  +            if (*pos != '\0' || conversion_error) {
  +                apr_bucket_brigade *bb;
  +
  +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
  +                              "Invalid Content-Length");
  +
  +                bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
  +                e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
  +                                           f->r->pool, f->c->bucket_alloc);
  +                APR_BRIGADE_INSERT_TAIL(bb, e);
  +                e = apr_bucket_eos_create(f->c->bucket_alloc);
  +                APR_BRIGADE_INSERT_TAIL(bb, e);
  +                ctx->eos_sent = 1;
  +                return ap_pass_brigade(f->r->output_filters, bb);
               }
               
               /* If we have a limit in effect and we know the C-L ahead of
  @@ -1683,17 +1708,28 @@
       }
       else if (lenp) {
           const char *pos = lenp;
  +        int conversion_error = 0;
   
           while (apr_isdigit(*pos) || apr_isspace(*pos)) {
               ++pos;
           }
  -        if (*pos != '\0') {
  +
  +        if (*pos == '\0') {
  +            char *endstr;
  +
  +            errno = 0;
  +            r->remaining = strtol(lenp, &endstr, 10);
  +
  +            if (errno || (endstr && *endstr)) {
  +                conversion_error = 1; 
  +            }
  +        }
  +
  +        if (*pos != '\0' || conversion_error) {
               ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -                          "Invalid Content-Length %s", lenp);
  +                          "Invalid Content-Length");
               return HTTP_BAD_REQUEST;
           }
  -
  -        r->remaining = atol(lenp);
       }
   
       if ((r->read_body == REQUEST_NO_BODY)
  
  
  

Mime
View raw message