mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
fix Content-Length validation
This commit is contained in:
parent
bb2d9c3704
commit
f442dd6496
@ -581,10 +581,12 @@ static int ProcessRequest(struct httprequest *req)
|
|||||||
char *endptr;
|
char *endptr;
|
||||||
char *ptr = line + 15;
|
char *ptr = line + 15;
|
||||||
unsigned long clen = 0;
|
unsigned long clen = 0;
|
||||||
while(*ptr && (' ' == *ptr))
|
while(*ptr && ISSPACE(*ptr))
|
||||||
ptr++;
|
ptr++;
|
||||||
|
endptr = ptr;
|
||||||
|
SET_ERRNO(0);
|
||||||
clen = strtoul(ptr, &endptr, 10);
|
clen = strtoul(ptr, &endptr, 10);
|
||||||
if((ptr == endptr) || ERRNO) {
|
if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) {
|
||||||
/* this assumes that a zero Content-Length is valid */
|
/* this assumes that a zero Content-Length is valid */
|
||||||
logmsg("Found invalid Content-Length: (%s) in the request", ptr);
|
logmsg("Found invalid Content-Length: (%s) in the request", ptr);
|
||||||
req->open = FALSE; /* closes connection */
|
req->open = FALSE; /* closes connection */
|
||||||
|
@ -500,10 +500,12 @@ static int ProcessRequest(struct httprequest *req)
|
|||||||
char *endptr;
|
char *endptr;
|
||||||
char *ptr = line + 15;
|
char *ptr = line + 15;
|
||||||
unsigned long clen = 0;
|
unsigned long clen = 0;
|
||||||
while(*ptr && (' ' == *ptr))
|
while(*ptr && ISSPACE(*ptr))
|
||||||
ptr++;
|
ptr++;
|
||||||
|
endptr = ptr;
|
||||||
|
SET_ERRNO(0);
|
||||||
clen = strtoul(ptr, &endptr, 10);
|
clen = strtoul(ptr, &endptr, 10);
|
||||||
if((ptr == endptr) || ERRNO) {
|
if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) {
|
||||||
/* this assumes that a zero Content-Length is valid */
|
/* this assumes that a zero Content-Length is valid */
|
||||||
logmsg("Found invalid Content-Length: (%s) in the request", ptr);
|
logmsg("Found invalid Content-Length: (%s) in the request", ptr);
|
||||||
req->open = FALSE; /* closes connection */
|
req->open = FALSE; /* closes connection */
|
||||||
|
Loading…
Reference in New Issue
Block a user