Added check for magic number in the request content-lenght

author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2023-09-26 15:11:46 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2023-09-26 15:43:29 +0300
commit: 0f75e71e48b723c6d28797e7adbef7fe9afd6695 (patch)
tree: 9f246982771493c1be246e2197a4eaf77deef598
parent: 9c032ccca7cdbb97b3c42d258a67ce283fa00d4c (diff)
download: libmicrohttpd-0f75e71e48b723c6d28797e7adbef7fe9afd6695.tar.gz
libmicrohttpd-0f75e71e48b723c6d28797e7adbef7fe9afd6695.zip
1 files changed, 40 insertions, 39 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 4d66f497..653eddce 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -4048,6 +4048,10 @@ parse_connection_headers (struct MHD_Connection *connection)
    return;
  }
+  /* The presence of the request body is indicated by "Content-Length:" or
+     "Transfer-Encoding:" request headers.
+     Unless one of these two headers is used, the request has no request body.
+     See RFC9112, Section 6, paragraph 4. */
  connection->rq.remaining_upload_size = 0;
  if (MHD_NO !=
      MHD_lookup_connection_value_n (connection,
@@ -4098,51 +4102,48 @@ parse_connection_headers (struct MHD_Connection *connection)
    connection->rq.have_chunked_upload = true;
    connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN;
  }
-  else
+  else if (MHD_NO !=
+           MHD_lookup_connection_value_n (connection,
+                                          MHD_HEADER_KIND,
+                                          MHD_HTTP_HEADER_CONTENT_LENGTH,
+                                          MHD_STATICSTR_LEN_ (
+                                            MHD_HTTP_HEADER_CONTENT_LENGTH),
+                                          &clen,
+                                          &val_len))
  {
-    if (MHD_NO !=
+    size_t num_digits;
-        MHD_lookup_connection_value_n (connection,
-                                       MHD_HEADER_KIND,
-                                       MHD_HTTP_HEADER_CONTENT_LENGTH,
-                                       MHD_STATICSTR_LEN_ (
-                                         MHD_HTTP_HEADER_CONTENT_LENGTH),
-                                       &clen,
-                                       &val_len))
-    {
-      size_t num_digits;
-      num_digits = MHD_str_to_uint64_n_ (clen,
+    num_digits = MHD_str_to_uint64_n_ (clen,
-                                         val_len,
+                                       val_len,
-                                         &connection->rq.remaining_upload_size);
+                                       &connection->rq.remaining_upload_size);
-      if ( (val_len != num_digits) ||
-           (0 == num_digits) )
+    if (((0 == num_digits) &&
-      {
+         (0 != val_len) &&
-        connection->rq.remaining_upload_size = 0;
+         ('0' <= clen[0]) && ('9' >= clen[0]))
-        if ((0 == num_digits) &&
+        || (MHD_SIZE_UNKNOWN == connection->rq.remaining_upload_size))
-            (0 != val_len) &&
+    {
-            ('0' <= clen[0]) && ('9' >= clen[0]))
+      connection->rq.remaining_upload_size = 0;
-        {
 #ifdef HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
+      MHD_DLOG (connection->daemon,
-                    _ ("Too large value of 'Content-Length' header. " \
+                _ ("Too large value of 'Content-Length' header. " \
-                       "Closing connection.\n"));
+                   "Closing connection.\n"));
 #endif
-          transmit_error_response_static (connection,
+      transmit_error_response_static (connection,
-                                          MHD_HTTP_CONTENT_TOO_LARGE,
+                                      MHD_HTTP_CONTENT_TOO_LARGE,
-                                          REQUEST_CONTENTLENGTH_TOOLARGE);
+                                      REQUEST_CONTENTLENGTH_TOOLARGE);
-        }
+    }
-        else
+    else if ((val_len != num_digits) ||
-        {
+             (0 == num_digits))
+    {
+      connection->rq.remaining_upload_size = 0;
 #ifdef HAVE_MESSAGES
-          MHD_DLOG (connection->daemon,
+      MHD_DLOG (connection->daemon,
-                    _ ("Failed to parse `Content-Length' header. " \
+                _ ("Failed to parse 'Content-Length' header. " \
-                       "Closing connection.\n"));
+                   "Closing connection.\n"));
 #endif
-          transmit_error_response_static (connection,
+      transmit_error_response_static (connection,
-                                          MHD_HTTP_BAD_REQUEST,
+                                      MHD_HTTP_BAD_REQUEST,
-                                          REQUEST_CONTENTLENGTH_MALFORMED);
+                                      REQUEST_CONTENTLENGTH_MALFORMED);
-        }
-      }
    }
  }
 }
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2023-09-26 15:11:46 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2023-09-26 15:43:29 +0300
commit	0f75e71e48b723c6d28797e7adbef7fe9afd6695 (patch)
tree	9f246982771493c1be246e2197a4eaf77deef598
parent	9c032ccca7cdbb97b3c42d258a67ce283fa00d4c (diff)
download	libmicrohttpd-0f75e71e48b723c6d28797e7adbef7fe9afd6695.tar.gz libmicrohttpd-0f75e71e48b723c6d28797e7adbef7fe9afd6695.zip

diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 4d66f497..653eddce 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c
@@ -4048,6 +4048,10 @@ parse_connection_headers (struct MHD_Connection *connection)
4048	return;	4048	return;
4049	}	4049	}
4050		4050
		4051	/* The presence of the request body is indicated by "Content-Length:" or
		4052	"Transfer-Encoding:" request headers.
		4053	Unless one of these two headers is used, the request has no request body.
		4054	See RFC9112, Section 6, paragraph 4. */
4051	connection->rq.remaining_upload_size = 0;	4055	connection->rq.remaining_upload_size = 0;
4052	if (MHD_NO !=	4056	if (MHD_NO !=
4053	MHD_lookup_connection_value_n (connection,	4057	MHD_lookup_connection_value_n (connection,
@@ -4098,51 +4102,48 @@ parse_connection_headers (struct MHD_Connection *connection)
4098	connection->rq.have_chunked_upload = true;	4102	connection->rq.have_chunked_upload = true;
4099	connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN;	4103	connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN;
4100	}	4104	}
4101	else	4105	else if (MHD_NO !=
		4106	MHD_lookup_connection_value_n (connection,
		4107	MHD_HEADER_KIND,
		4108	MHD_HTTP_HEADER_CONTENT_LENGTH,
		4109	MHD_STATICSTR_LEN_ (
		4110	MHD_HTTP_HEADER_CONTENT_LENGTH),
		4111	&clen,
		4112	&val_len))
4102	{	4113	{
4103	if (MHD_NO !=	4114	size_t num_digits;
4104	MHD_lookup_connection_value_n (connection,
4105	MHD_HEADER_KIND,
4106	MHD_HTTP_HEADER_CONTENT_LENGTH,
4107	MHD_STATICSTR_LEN_ (
4108	MHD_HTTP_HEADER_CONTENT_LENGTH),
4109	&clen,
4110	&val_len))
4111	{
4112	size_t num_digits;
4113		4115
4114	num_digits = MHD_str_to_uint64_n_ (clen,	4116	num_digits = MHD_str_to_uint64_n_ (clen,
4115	val_len,	4117	val_len,
4116	&connection->rq.remaining_upload_size);	4118	&connection->rq.remaining_upload_size);
4117	if ( (val_len != num_digits) \|\|	4119
4118	(0 == num_digits) )	4120	if (((0 == num_digits) &&
4119	{	4121	(0 != val_len) &&
4120	connection->rq.remaining_upload_size = 0;	4122	('0' <= clen[0]) && ('9' >= clen[0]))
4121	if ((0 == num_digits) &&	4123	\|\| (MHD_SIZE_UNKNOWN == connection->rq.remaining_upload_size))
4122	(0 != val_len) &&	4124	{
4123	('0' <= clen[0]) && ('9' >= clen[0]))	4125	connection->rq.remaining_upload_size = 0;
4124	{
4125	#ifdef HAVE_MESSAGES	4126	#ifdef HAVE_MESSAGES
4126	MHD_DLOG (connection->daemon,	4127	MHD_DLOG (connection->daemon,
4127	_ ("Too large value of 'Content-Length' header. " \	4128	_ ("Too large value of 'Content-Length' header. " \
4128	"Closing connection.\n"));	4129	"Closing connection.\n"));
4129	#endif	4130	#endif
4130	transmit_error_response_static (connection,	4131	transmit_error_response_static (connection,
4131	MHD_HTTP_CONTENT_TOO_LARGE,	4132	MHD_HTTP_CONTENT_TOO_LARGE,
4132	REQUEST_CONTENTLENGTH_TOOLARGE);	4133	REQUEST_CONTENTLENGTH_TOOLARGE);
4133	}	4134	}
4134	else	4135	else if ((val_len != num_digits) \|\|
4135	{	4136	(0 == num_digits))
		4137	{
		4138	connection->rq.remaining_upload_size = 0;
4136	#ifdef HAVE_MESSAGES	4139	#ifdef HAVE_MESSAGES
4137	MHD_DLOG (connection->daemon,	4140	MHD_DLOG (connection->daemon,
4138	_ ("Failed to parse `Content-Length' header. " \	4141	_ ("Failed to parse 'Content-Length' header. " \
4139	"Closing connection.\n"));	4142	"Closing connection.\n"));
4140	#endif	4143	#endif
4141	transmit_error_response_static (connection,	4144	transmit_error_response_static (connection,
4142	MHD_HTTP_BAD_REQUEST,	4145	MHD_HTTP_BAD_REQUEST,
4143	REQUEST_CONTENTLENGTH_MALFORMED);	4146	REQUEST_CONTENTLENGTH_MALFORMED);
4144	}
4145	}
4146	}	4147	}
4147	}	4148	}
4148	}	4149	}