[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] branch master updated: Added check for magic number in t
|
From: |
gnunet |
|
Subject: |
[libmicrohttpd] branch master updated: Added check for magic number in the request content-lenght |
|
Date: |
Tue, 26 Sep 2023 14:53:22 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
The following commit(s) were added to refs/heads/master by this push:
new 0f75e71e Added check for magic number in the request content-lenght
0f75e71e is described below
commit 0f75e71e48b723c6d28797e7adbef7fe9afd6695
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Sep 26 15:11:46 2023 +0300
Added check for magic number in the request content-lenght
---
src/microhttpd/connection.c | 79 +++++++++++++++++++++++----------------------
1 file changed, 40 insertions(+), 39 deletions(-)
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index 4d66f497..653eddce 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -4048,6 +4048,10 @@ parse_connection_headers (struct MHD_Connection
*connection)
return;
}
+ /* The presence of the request body is indicated by "Content-Length:" or
+ "Transfer-Encoding:" request headers.
+ Unless one of these two headers is used, the request has no request body.
+ See RFC9112, Section 6, paragraph 4. */
connection->rq.remaining_upload_size = 0;
if (MHD_NO !=
MHD_lookup_connection_value_n (connection,
@@ -4098,51 +4102,48 @@ parse_connection_headers (struct MHD_Connection
*connection)
connection->rq.have_chunked_upload = true;
connection->rq.remaining_upload_size = MHD_SIZE_UNKNOWN;
}
- else
+ else if (MHD_NO !=
+ MHD_lookup_connection_value_n (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_CONTENT_LENGTH,
+ MHD_STATICSTR_LEN_ (
+ MHD_HTTP_HEADER_CONTENT_LENGTH),
+ &clen,
+ &val_len))
{
- if (MHD_NO !=
- MHD_lookup_connection_value_n (connection,
- MHD_HEADER_KIND,
- MHD_HTTP_HEADER_CONTENT_LENGTH,
- MHD_STATICSTR_LEN_ (
- MHD_HTTP_HEADER_CONTENT_LENGTH),
- &clen,
- &val_len))
- {
- size_t num_digits;
+ size_t num_digits;
- num_digits = MHD_str_to_uint64_n_ (clen,
- val_len,
-
&connection->rq.remaining_upload_size);
- if ( (val_len != num_digits) ||
- (0 == num_digits) )
- {
- connection->rq.remaining_upload_size = 0;
- if ((0 == num_digits) &&
- (0 != val_len) &&
- ('0' <= clen[0]) && ('9' >= clen[0]))
- {
+ num_digits = MHD_str_to_uint64_n_ (clen,
+ val_len,
+ &connection->rq.remaining_upload_size);
+
+ if (((0 == num_digits) &&
+ (0 != val_len) &&
+ ('0' <= clen[0]) && ('9' >= clen[0]))
+ || (MHD_SIZE_UNKNOWN == connection->rq.remaining_upload_size))
+ {
+ connection->rq.remaining_upload_size = 0;
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- _ ("Too large value of 'Content-Length' header. " \
- "Closing connection.\n"));
+ MHD_DLOG (connection->daemon,
+ _ ("Too large value of 'Content-Length' header. " \
+ "Closing connection.\n"));
#endif
- transmit_error_response_static (connection,
- MHD_HTTP_CONTENT_TOO_LARGE,
- REQUEST_CONTENTLENGTH_TOOLARGE);
- }
- else
- {
+ transmit_error_response_static (connection,
+ MHD_HTTP_CONTENT_TOO_LARGE,
+ REQUEST_CONTENTLENGTH_TOOLARGE);
+ }
+ else if ((val_len != num_digits) ||
+ (0 == num_digits))
+ {
+ connection->rq.remaining_upload_size = 0;
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- _ ("Failed to parse `Content-Length' header. " \
- "Closing connection.\n"));
+ MHD_DLOG (connection->daemon,
+ _ ("Failed to parse 'Content-Length' header. " \
+ "Closing connection.\n"));
#endif
- transmit_error_response_static (connection,
- MHD_HTTP_BAD_REQUEST,
- REQUEST_CONTENTLENGTH_MALFORMED);
- }
- }
+ transmit_error_response_static (connection,
+ MHD_HTTP_BAD_REQUEST,
+ REQUEST_CONTENTLENGTH_MALFORMED);
}
}
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [libmicrohttpd] branch master updated: Added check for magic number in the request content-lenght,
gnunet <=