[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 103/125: HTTP: bail out on negative Content-Length:
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 103/125: HTTP: bail out on negative Content-Length: values |
|
Date: |
Sun, 21 Jan 2018 23:42:38 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit f68e67271586125c06f33297a245a920d325584e
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Jan 9 17:24:48 2018 +1300
HTTP: bail out on negative Content-Length: values
... and make the max filesize check trigger if the value is too big.
Updates test 178.
Reported-by: Brad Spencer
Fixes #2212
Closes #2223
---
lib/http.c | 42 +++++++++++++++++++++++-------------------
tests/data/test178 | 9 ++++++++-
2 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index def51abc3..c1cdf2da0 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -3505,31 +3505,35 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
if(!k->ignorecl && !data->set.ignorecl &&
checkprefix("Content-Length:", k->p)) {
curl_off_t contentlength;
- if(!curlx_strtoofft(k->p + 15, NULL, 10, &contentlength)) {
+ CURLofft offt = curlx_strtoofft(k->p + 15, NULL, 10, &contentlength);
+
+ if(offt == CURL_OFFT_OK) {
if(data->set.max_filesize &&
contentlength > data->set.max_filesize) {
failf(data, "Maximum file size exceeded");
return CURLE_FILESIZE_EXCEEDED;
}
- if(contentlength >= 0) {
- k->size = contentlength;
- k->maxdownload = k->size;
- /* we set the progress download size already at this point
- just to make it easier for apps/callbacks to extract this
- info as soon as possible */
- Curl_pgrsSetDownloadSize(data, k->size);
- }
- else {
- /* Negative Content-Length is really odd, and we know it
- happens for example when older Apache servers send large
- files */
- streamclose(conn, "negative content-length");
- infof(data, "Negative content-length: %" CURL_FORMAT_CURL_OFF_T
- ", closing after transfer\n", contentlength);
+ k->size = contentlength;
+ k->maxdownload = k->size;
+ /* we set the progress download size already at this point
+ just to make it easier for apps/callbacks to extract this
+ info as soon as possible */
+ Curl_pgrsSetDownloadSize(data, k->size);
+ }
+ else if(offt == CURL_OFFT_FLOW) {
+ /* out of range */
+ if(data->set.max_filesize) {
+ failf(data, "Maximum file size exceeded");
+ return CURLE_FILESIZE_EXCEEDED;
}
+ streamclose(conn, "overflow content-length");
+ infof(data, "Overflow Content-Length: value!\n");
+ }
+ else {
+ /* negative or just rubbish - bad HTTP */
+ failf(data, "Invalid Content-Length: value");
+ return CURLE_WEIRD_SERVER_REPLY;
}
- else
- infof(data, "Illegal Content-Length: header\n");
}
/* check for Content-Type: header lines to get the MIME-type */
else if(checkprefix("Content-Type:", k->p)) {
diff --git a/tests/data/test178 b/tests/data/test178
index 7481467df..d22d8149f 100644
--- a/tests/data/test178
+++ b/tests/data/test178
@@ -18,6 +18,10 @@ Funny-head: yesyes
moooooooooooo
</data>
+<datacheck>
+HTTP/1.1 200 OK swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+</datacheck>
</reply>
#
@@ -27,7 +31,7 @@ moooooooooooo
http
</server>
<name>
-simple HTTP GET with negative Content-Length
+HTTP response with negative Content-Length
</name>
<command>
http://%HOSTIP:%HTTPPORT/178
@@ -46,5 +50,8 @@ Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
+<errorcode>
+8
+</errorcode>
</verify>
</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 95/125: COPYING: it's 2018!, (continued)
- [GNUnet-SVN] [gnurl] 95/125: COPYING: it's 2018!, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 93/125: scripts: allow all perl scripts to be run directly, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 52/125: multi_done: prune DNS cache, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 74/125: curl_easy_reset: release mime-related data., gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 76/125: curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 71/125: CURLOPT_READFUNCTION.3: refer to argument with correct name, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 77/125: build-openssl.bat: Added support for VC15, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 94/125: progress: calculate transfer speed on milliseconds if possible, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 80/125: winbuild: Added support for VC15, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 116/125: openssl: fix the libressl build again, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 103/125: HTTP: bail out on negative Content-Length: values,
gnunet <=
- [GNUnet-SVN] [gnurl] 114/125: curl_fnmatch: only allow 5 '*' sections in a single pattern, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 75/125: examples/rtsp: fix error handling macros, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 117/125: openssl: fix potential memory leak in SSLKEYLOGFILE logic, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 12/125: libssh: added SFTP support, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 122/125: TODO: two possible name resolver improvements, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 118/125: SSH: Fix state machine for ssh-agent authentication, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 07/125: Added support for libssh SSH SCP back-end, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 42/125: curl.h: remove incorrect comment about ERRORBUFFER, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 46/125: CURLOPT_PRIVATE.3: fix grammar, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 39/125: BINDINGS: another PostgreSQL client, gnunet, 2018/01/21