httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject [PATCH] 2.0 - bad vs overflow
Date Fri, 21 Jun 2002 13:51:45 GMT
This seems a bit more accurate to me... Comments?

Index: modules/http/http_protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
retrieving revision 1.440
diff -u -r1.440 http_protocol.c
--- modules/http/http_protocol.c	19 Jun 2002 18:43:28 -0000	1.440
+++ modules/http/http_protocol.c	21 Jun 2002 13:44:28 -0000
@@ -795,6 +795,7 @@
         else if (lenp) {
             const char *pos = lenp;
             int conversion_error = 0;
+            int ou_flow = 0;
 
             /* This ensures that the number can not be negative. */
             while (apr_isdigit(*pos) || apr_isspace(*pos)) {
@@ -808,20 +809,29 @@
                 ctx->state = BODY_LENGTH;
                 ctx->remaining = strtol(lenp, &endstr, 10);
 
-                if (errno || (endstr && *endstr)) {
+                if (errno == ERANGE) { /* depend on ANSI strtol */
+                    ou_flow = 1;
+                }
+                else if (errno || (endstr && *endstr)) {
                     conversion_error = 1; 
                 }
             }
 
-            if (*pos != '\0' || conversion_error) {
+            if (*pos != '\0' || conversion_error || ou_flow) {
                 apr_bucket_brigade *bb;
 
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
                               "Invalid Content-Length");
 
                 bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
-                e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
+                if (ou_flow) {
+                    e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
                                            f->r->pool, f->c->bucket_alloc);
+                }
+                else {
+                    e = ap_bucket_error_create(HTTP_BAD_REQUEST, NULL,
+                                           f->r->pool, f->c->bucket_alloc);
+                }
                 APR_BRIGADE_INSERT_TAIL(bb, e);
                 e = apr_bucket_eos_create(f->c->bucket_alloc);
                 APR_BRIGADE_INSERT_TAIL(bb, e);
@@ -1709,6 +1719,7 @@
     else if (lenp) {
         const char *pos = lenp;
         int conversion_error = 0;
+        int ou_flow = 0;
 
         while (apr_isdigit(*pos) || apr_isspace(*pos)) {
             ++pos;
@@ -1720,15 +1731,23 @@
             errno = 0;
             r->remaining = strtol(lenp, &endstr, 10);
 
-            if (errno || (endstr && *endstr)) {
+            if (errno == ERANGE) {  /* depend on ANSI strtol */
+                ou_flow = 1;
+            }
+            else if (errno || (endstr && *endstr)) {
                 conversion_error = 1; 
             }
         }
 
-        if (*pos != '\0' || conversion_error) {
+        if (*pos != '\0' || conversion_error || ou_flow) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                           "Invalid Content-Length");
-            return HTTP_BAD_REQUEST;
+            if (ou_flow) {
+                return HTTP_REQUEST_ENTITY_TOO_LARGE;
+            }
+            else {
+                return HTTP_BAD_REQUEST;
+            }
         }
     }
 
@@ -1738,6 +1757,7 @@
                       "%s with body is not allowed for %s", r->method, r->uri);
         return HTTP_REQUEST_ENTITY_TOO_LARGE;
     }
+
 
 #ifdef AP_DEBUG
     {
-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

Mime
View raw message