moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity

fix Content-Length validation

Browse Source
This commit is contained in:
Yang Tse 2010-02-16 11:17:00 +00:00
parent bb2d9c3704
commit f442dd6496
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tests/server/rtspd.c
View File

@ -581,10 +581,12 @@ static int ProcessRequest(struct httprequest *req)
char *endptr; char *endptr;
char *ptr = line + 15; char *ptr = line + 15;
unsigned long clen = 0; unsigned long clen = 0;
while(*ptr && (' ' == *ptr)) while(*ptr && ISSPACE(*ptr))
ptr++; ptr++;
endptr = ptr;
SET_ERRNO(0);
clen = strtoul(ptr, &endptr, 10); clen = strtoul(ptr, &endptr, 10);
if((ptr == endptr) || ERRNO) { if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) {
/* this assumes that a zero Content-Length is valid */ /* this assumes that a zero Content-Length is valid */
logmsg("Found invalid Content-Length: (%s) in the request", ptr); logmsg("Found invalid Content-Length: (%s) in the request", ptr);
req->open = FALSE; /* closes connection */ req->open = FALSE; /* closes connection */

6
tests/server/sws.c
View File

@ -500,10 +500,12 @@ static int ProcessRequest(struct httprequest *req)
char *endptr; char *endptr;
char *ptr = line + 15; char *ptr = line + 15;
unsigned long clen = 0; unsigned long clen = 0;
while(*ptr && (' ' == *ptr)) while(*ptr && ISSPACE(*ptr))
ptr++; ptr++;
endptr = ptr;
SET_ERRNO(0);
clen = strtoul(ptr, &endptr, 10); clen = strtoul(ptr, &endptr, 10);
if((ptr == endptr) || ERRNO) { if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) {
/* this assumes that a zero Content-Length is valid */ /* this assumes that a zero Content-Length is valid */
logmsg("Found invalid Content-Length: (%s) in the request", ptr); logmsg("Found invalid Content-Length: (%s) in the request", ptr);
req->open = FALSE; /* closes connection */ req->open = FALSE; /* closes connection */