http: fixed Content-Length header validation

Content-Length is not necessarily the last header, more headers
can follow it.

Closes: #41072
Alexey Sheplyakov 2021-10-07 16:41:38 +04:00
parent 43a9d78fdd
commit 24db85c5ab
2 changed files with 8 additions and 1 deletions


@ -52,6 +52,11 @@ int main(int argc, char **argv) {
"Content-Length: 1234 ", "Content-Length: 1234 ",
"Content-Length: 1234 ", "Content-Length: 1234 ",
"Content-Length: 1234 \r\n\r\n", "Content-Length: 1234 \r\n\r\n",
"Content-Length: 1234\r\n"
"Last-Modified: Sun, 12 Sep 2021 22:31:46 GMT\r\n"
"Connection: close\r\n"
"Etag: \"613e7fd2-3849a800\"\r\n"
"Accept-Ranges: bytes\r\n\r\n"
}; };
for (i = 0; i < ARRAY_SIZE(invalid_inputs); i++) { for (i = 0; i < ARRAY_SIZE(invalid_inputs); i++) {
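Review bot: The added input only exercises the accepting path; nothing in this hunk checks that a malformed value is still rejected when other headers follow it. Since the parser now stops validating at the first CRLF, a companion entry in `invalid_inputs` such as `"Content-Length: 12x4\r\nConnection: close\r\n\r\n"` (constructed sample) would pin that behaviour, unless the part of that array outside this hunk already has one. The array this string is appended to starts outside the hunk, so I am assuming it is the list of valid inputs.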

4
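--- a/url.c
+++ b/url.c
@@ -398,6 +398,7 @@ int ftp_end_data_command(int sock)
 static int parse_content_length(const char *headers, unsigned long *size) {
 const char *header_content_length = "Content-Length: ";
 const char *hdr = NULL, *ptr = NULL, *start = NULL, *end = NULL;
+const char *nexthdr = NULL;
 hdr = strstr(headers, header_content_length);
 if (!hdr) {
@@ -406,6 +407,7 @@ static int parse_content_length(const char *headers, unsigned long *size) {
 }
 start = hdr + strlen(header_content_length);
+nexthdr = strstr(start, "\r\n");
 errno = 0;
 *size = strtoul(start, (char **)&end, 10);
@@ -432,7 +434,7 @@ static int parse_content_length(const char *headers, unsigned long *size) {
 * Note: endptr points first non-digit/space character or
 * end of the string
 */
-for (ptr = end; *ptr; ptr++) {
+for (ptr = end; nexthdr ? ptr < nexthdr : *ptr != '\0'; ptr++) {
 if (!isspace(*ptr) && !isdigit(*ptr)) {
 log_message("%s: error: invalid character %c in Content-Length header '%s'", __func__, *ptr, hdr);
 return -1;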
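Review bot: `nexthdr` bounds the trailing-character loop, but nothing visible checks that `end` itself stays on the Content-Length line. strtoul() skips leading whitespace, CR and LF included, so for an empty value it can consume the digits of the following line; `end` then lies past `nexthdr`, the loop body never runs, and that number is accepted as the size. A guard right after the strtoul() call, `if (nexthdr && end > nexthdr) return -1;`, would close this, assuming the code between the second and third hunks (not shown) does not already do it. Separately, `isspace(*ptr)` and `isdigit(*ptr)` are given a plain `char`; for server-supplied bytes of 0x80 and above that is undefined where `char` is signed, so cast to `unsigned char` first.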