diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2023-09-26 15:11:46 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2023-09-26 15:43:29 +0300 |
commit | 0f75e71e48b723c6d28797e7adbef7fe9afd6695 (patch) | |
tree | 9f246982771493c1be246e2197a4eaf77deef598 | |
parent | 9c032ccca7cdbb97b3c42d258a67ce283fa00d4c (diff) | |
download | libmicrohttpd-0f75e71e48b723c6d28797e7adbef7fe9afd6695.tar.gz libmicrohttpd-0f75e71e48b723c6d28797e7adbef7fe9afd6695.zip |
Added check for magic number in the request content-lenght
-rw-r--r-- | src/microhttpd/connection.c | 79 |
1 files changed, 40 insertions, 39 deletions
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c index 4d66f497..653eddce 100644 --- a/src/microhttpd/connection.c +++ b/src/microhttpd/connection.c | |||
@@ -4048,6 +4048,10 @@ parse_connection_headers (struct MHD_Connection *connection) | |||
4048 | return; | 4048 | return; |
4049 | } | 4049 | } |
4050 | 4050 | ||
4051 | /* The presence of the request body is indicated by "Content-Length:" or | ||
4052 | "Transfer-Encoding:" request headers. | ||
4053 | Unless one of these two headers is used, the request has no request body. | ||
4054 | See RFC9112, Section 6, paragraph 4. */ | ||
4051 | connection->rq.remaining_upload_size = 0; | 4055 | connection->rq.remaining_upload_size = 0; |
4052 | if (MHD_NO != | 4056 | if (MHD_NO != |
4053 | MHD_lookup_connection_value_n (connection, | 4057 | MHD_lookup_connection_value_n (connection, |
@@ -4098,51 +4102,48 @@ parse_connection_headers (struct MHD_Connection *connection) | |||
4098 | connection->rq.have_chunked_upload = true; | 4102 | connection->rq.have_chunked_upload = true; |
4099 | connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN; | 4103 | connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN; |
4100 | } | 4104 | } |
4101 | else | 4105 | else if (MHD_NO != |
4106 | MHD_lookup_connection_value_n (connection, | ||
4107 | MHD_HEADER_KIND, | ||
4108 | MHD_HTTP_HEADER_CONTENT_LENGTH, | ||
4109 | MHD_STATICSTR_LEN_ ( | ||
4110 | MHD_HTTP_HEADER_CONTENT_LENGTH), | ||
4111 | &clen, | ||
4112 | &val_len)) | ||
4102 | { | 4113 | { |
4103 | if (MHD_NO != | 4114 | size_t num_digits; |
4104 | MHD_lookup_connection_value_n (connection, | ||
4105 | MHD_HEADER_KIND, | ||
4106 | MHD_HTTP_HEADER_CONTENT_LENGTH, | ||
4107 | MHD_STATICSTR_LEN_ ( | ||
4108 | MHD_HTTP_HEADER_CONTENT_LENGTH), | ||
4109 | &clen, | ||
4110 | &val_len)) | ||
4111 | { | ||
4112 | size_t num_digits; | ||
4113 | 4115 | ||
4114 | num_digits = MHD_str_to_uint64_n_ (clen, | 4116 | num_digits = MHD_str_to_uint64_n_ (clen, |
4115 | val_len, | 4117 | val_len, |
4116 | &connection->rq.remaining_upload_size); | 4118 | &connection->rq.remaining_upload_size); |
4117 | if ( (val_len != num_digits) || | 4119 | |
4118 | (0 == num_digits) ) | 4120 | if (((0 == num_digits) && |
4119 | { | 4121 | (0 != val_len) && |
4120 | connection->rq.remaining_upload_size = 0; | 4122 | ('0' <= clen[0]) && ('9' >= clen[0])) |
4121 | if ((0 == num_digits) && | 4123 | || (MHD_SIZE_UNKNOWN == connection->rq.remaining_upload_size)) |
4122 | (0 != val_len) && | 4124 | { |
4123 | ('0' <= clen[0]) && ('9' >= clen[0])) | 4125 | connection->rq.remaining_upload_size = 0; |
4124 | { | ||
4125 | #ifdef HAVE_MESSAGES | 4126 | #ifdef HAVE_MESSAGES |
4126 | MHD_DLOG (connection->daemon, | 4127 | MHD_DLOG (connection->daemon, |
4127 | _ ("Too large value of 'Content-Length' header. " \ | 4128 | _ ("Too large value of 'Content-Length' header. " \ |
4128 | "Closing connection.\n")); | 4129 | "Closing connection.\n")); |
4129 | #endif | 4130 | #endif |
4130 | transmit_error_response_static (connection, | 4131 | transmit_error_response_static (connection, |
4131 | MHD_HTTP_CONTENT_TOO_LARGE, | 4132 | MHD_HTTP_CONTENT_TOO_LARGE, |
4132 | REQUEST_CONTENTLENGTH_TOOLARGE); | 4133 | REQUEST_CONTENTLENGTH_TOOLARGE); |
4133 | } | 4134 | } |
4134 | else | 4135 | else if ((val_len != num_digits) || |
4135 | { | 4136 | (0 == num_digits)) |
4137 | { | ||
4138 | connection->rq.remaining_upload_size = 0; | ||
4136 | #ifdef HAVE_MESSAGES | 4139 | #ifdef HAVE_MESSAGES |
4137 | MHD_DLOG (connection->daemon, | 4140 | MHD_DLOG (connection->daemon, |
4138 | _ ("Failed to parse `Content-Length' header. " \ | 4141 | _ ("Failed to parse 'Content-Length' header. " \ |
4139 | "Closing connection.\n")); | 4142 | "Closing connection.\n")); |
4140 | #endif | 4143 | #endif |
4141 | transmit_error_response_static (connection, | 4144 | transmit_error_response_static (connection, |
4142 | MHD_HTTP_BAD_REQUEST, | 4145 | MHD_HTTP_BAD_REQUEST, |
4143 | REQUEST_CONTENTLENGTH_MALFORMED); | 4146 | REQUEST_CONTENTLENGTH_MALFORMED); |
4144 | } | ||
4145 | } | ||
4146 | } | 4147 | } |
4147 | } | 4148 | } |
4148 | } | 4149 | } |