diff options
| author | Yann Ylavic <ylavic@apache.org> | 2020-05-20 14:01:17 +0000 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2020-05-20 14:01:17 +0000 |
| commit | 11d03dc86a9642a4af44c40122299b7efad47775 (patch) | |
| tree | 23576af687aa6d5ad87abb8307bb4e3006741f1e /modules/dav | |
| parent | c03f75c6c346adf7b665c01b20bdf4e5b1eca8b3 (diff) | |
| download | httpd-11d03dc86a9642a4af44c40122299b7efad47775.tar.gz | |
core,modules: provide/use ap_parse_strict_length() helper.
It helps simplifying a lot of duplicated code based on apr_strtoff(), while
also rejecting leading plus/minus signs which are dissalowed in Content-Length
and (Content-)Range headers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877954 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/dav')
| -rw-r--r-- | modules/dav/main/mod_dav.c | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index d84db03e09..721c57a16b 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -814,7 +814,6 @@ static int dav_parse_range(request_rec *r, char *range; char *dash; char *slash; - char *errp; range_c = apr_table_get(r->headers_in, "content-range"); if (range_c == NULL) @@ -831,20 +830,19 @@ static int dav_parse_range(request_rec *r, *dash++ = *slash++ = '\0'; /* detect invalid ranges */ - if (apr_strtoff(range_start, range + 6, &errp, 10) - || *errp || *range_start < 0) { + if (!ap_parse_strict_length(range_start, range + 6)) { return -1; } - if (apr_strtoff(range_end, dash, &errp, 10) - || *errp || *range_end < 0 || *range_end < *range_start) { + if (!ap_parse_strict_length(range_end, dash) + || *range_end < *range_start) { return -1; } if (*slash != '*') { apr_off_t dummy; - if (apr_strtoff(&dummy, slash, &errp, 10) - || *errp || dummy <= *range_end) { + if (!ap_parse_strict_length(&dummy, slash) + || dummy <= *range_end) { return -1; } } @@ -2538,20 +2536,13 @@ static int process_mkcol_body(request_rec *r) r->read_chunked = 1; } else if (lenp) { - const char *pos = lenp; - - while (apr_isdigit(*pos) || apr_isspace(*pos)) { - ++pos; - } - - if (*pos != '\0') { + if (!ap_parse_strict_length(&r->remaining, lenp)) { + r->remaining = 0; /* This supplies additional information for the default message. */ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00590) "Invalid Content-Length %s", lenp); return HTTP_BAD_REQUEST; } - - r->remaining = apr_atoi64(lenp); } if (r->read_chunked || r->remaining > 0) { |