diff options
author | Yann Ylavic <ylavic@apache.org> | 2020-05-20 14:01:17 +0000 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2020-05-20 14:01:17 +0000 |
commit | 11d03dc86a9642a4af44c40122299b7efad47775 (patch) | |
tree | 23576af687aa6d5ad87abb8307bb4e3006741f1e /modules/http | |
parent | c03f75c6c346adf7b665c01b20bdf4e5b1eca8b3 (diff) | |
download | httpd-11d03dc86a9642a4af44c40122299b7efad47775.tar.gz |
core,modules: provide/use ap_parse_strict_length() helper.
It helps simplifying a lot of duplicated code based on apr_strtoff(), while
also rejecting leading plus/minus signs which are dissalowed in Content-Length
and (Content-)Range headers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877954 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/http')
-rw-r--r-- | modules/http/byterange_filter.c | 7 | ||||
-rw-r--r-- | modules/http/http_filters.c | 18 |
2 files changed, 9 insertions, 16 deletions
diff --git a/modules/http/byterange_filter.c b/modules/http/byterange_filter.c index 5ed90aaa91..8c5a670c6c 100644 --- a/modules/http/byterange_filter.c +++ b/modules/http/byterange_filter.c @@ -137,7 +137,6 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength, *indexes = apr_array_make(r->pool, ranges, sizeof(indexes_t)); while ((cur = ap_getword(r->pool, &range, ','))) { char *dash; - char *errp; apr_off_t number, start, end; if (!*cur) @@ -154,7 +153,7 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength, if (dash == cur) { /* In the form "-5" */ - if (apr_strtoff(&number, dash+1, &errp, 10) || *errp) { + if (!ap_parse_strict_length(&number, dash+1)) { return 0; } if (number < 1) { @@ -165,12 +164,12 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength, } else { *dash++ = '\0'; - if (apr_strtoff(&number, cur, &errp, 10) || *errp) { + if (!ap_parse_strict_length(&number, cur)) { return 0; } start = number; if (*dash) { - if (apr_strtoff(&number, dash, &errp, 10) || *errp) { + if (!ap_parse_strict_length(&number, dash)) { return 0; } end = number; diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index 5bebe2c500..016bcf5e97 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -364,16 +364,13 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, lenp = NULL; } if (lenp) { - char *endstr; - ctx->state = BODY_LENGTH; /* Protects against over/underflow, non-digit chars in the - * string (excluding leading space) (the endstr checks) - * and a negative number. */ - if (apr_strtoff(&ctx->remaining, lenp, &endstr, 10) - || endstr == lenp || *endstr || ctx->remaining < 0) { - + * string, leading plus/minus signs, trailing characters and + * a negative number. + */ + if (!ap_parse_strict_length(&ctx->remaining, lenp)) { ctx->remaining = 0; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01587) "Invalid Content-Length"); @@ -1667,13 +1664,10 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy) r->read_chunked = 1; } else if (lenp) { - char *endstr; - - if (apr_strtoff(&r->remaining, lenp, &endstr, 10) - || *endstr || r->remaining < 0) { + if (!ap_parse_strict_length(&r->remaining, lenp)) { r->remaining = 0; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01594) - "Invalid Content-Length"); + "Invalid Content-Length '%s'", lenp); return HTTP_BAD_REQUEST; } } |