author | manu <manu@unknown> | 2023-03-07 01:51:02 +0000 |
---|---|---|
committer | manu <manu@unknown> | 2023-03-07 01:51:02 +0000 |
commit | e653b97abc5cb3e4f29e6a4a92bac098fbb5a2c1 (patch) | |
tree | 8037652054ea715b5909351c30ba40533ee856c5 /modules | |
parent | 1f89cbb0d50f2394bfcf16311b91e0c747c2cc86 (diff) | |
Use ap_parse_strict_length() to parse client-supplied Content-Length
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908144 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/dav/fs/quota.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/modules/dav/fs/quota.c b/modules/dav/fs/quota.c
index 37cbb6cf14..8dedfeae61 100644
--- a/modules/dav/fs/quota.c
+++ b/modules/dav/fs/quota.c
@@ -320,12 +320,20 @@ int dav_fs_quota_precondition(request_rec *r,
 /*
 * If PUT has Content-Length, we can forecast overquota
 */
- if ((lenhdr = apr_table_get(r->headers_in, "Content-Length")) &&
- (atol(lenhdr) > available_bytes)) {
- status = HTTP_INSUFFICIENT_STORAGE;
- *err = dav_new_error_tag(r->pool, status, 0, 0,
- msg, NULL, tag);
- goto out;
+ if (lenhdr = apr_table_get(r->headers_in, "Content-Length")) {
+ if (!ap_parse_strict_length(&size, lenhdr)) {
+ status = HTTP_BAD_REQUEST;
+ *err = dav_new_error(r->pool, status, 0, 0,
+ "client sent invalid Content-Length");
+ goto out;
+ }
+
+ if (size > available_bytes) {
+ status = HTTP_INSUFFICIENT_STORAGE;
+ *err = dav_new_error_tag(r->pool, status, 0, 0,
+ msg, NULL, tag);
+ goto out;
+ }
 }
 break;
 case M_COPY: /* FALLTHROUGH */ |
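Review bot: The new outer condition `if (lenhdr = apr_table_get(r->headers_in, "Content-Length")) {` drops the extra parentheses the removed line had, so the assignment reads like a mistyped `==` and will trip `-Wparentheses`; write it as `if ((lenhdr = apr_table_get(r->headers_in, "Content-Length")) != NULL) {`. The declaration of `size` is outside the hunk; it presumably has to be `apr_off_t` to match ap_parse_strict_length(). The `size > available_bytes` comparison is only sound if `available_bytes` is a signed type of comparable width, which is worth confirming since this value comes from the client. dav_fs_quota_precondition starts and ends outside the hunk.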