Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2002/06/21 15:52:24 UTC
[PATCH] 1.3 - bad vs overflow
And the 1.3 version...
Index: src/main/http_protocol.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.320
diff -u -r1.320 http_protocol.c
--- src/main/http_protocol.c 19 Jun 2002 18:44:25 -0000 1.320
+++ src/main/http_protocol.c 21 Jun 2002 13:42:54 -0000
@@ -1985,6 +1985,7 @@
else if (lenp) {
const char *pos = lenp;
int conversion_error = 0;
+ int ou_flow = 0;
while (ap_isdigit(*pos) || ap_isspace(*pos))
++pos;
@@ -1993,15 +1994,23 @@
char *endstr;
errno = 0;
r->remaining = ap_strtol(lenp, &endstr, 10);
- if (errno || (endstr && *endstr)) {
+ if (errno == ERANGE) { /* ap_strtol MUST be ANSI */
+ ou_flow = 1;
+ }
+ else if (errno || (endstr && *endstr)) {
conversion_error = 1;
}
}
- if (*pos != '\0' || conversion_error) {
+ if (*pos != '\0' || conversion_error || ou_flow) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Invalid Content-Length");
- return HTTP_BAD_REQUEST;
+ if (ou_flow) {
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
+ }
+ else {
+ return HTTP_BAD_REQUEST;
+ }
}
}
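Review bot: The overflow path still logs the same "Invalid Content-Length" text as the malformed-header path, so the error log cannot distinguish a request answered with 413 from one answered with 400. Consider choosing the message from the flag in the `ap_log_rerror` call, e.g. `ou_flow ? "Content-Length too large" : "Invalid Content-Length"`, so out-of-range lengths can be spotted and alerted on separately. Note also that `errno == ERANGE` catches only values that do not fit in a `long`; a length that fits but is still far larger than the server should accept passes this check, and whether a later limit applies is not visible here. The enclosing `else if (lenp)` block opens in the previous hunk and the function continues past the end of this one.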
--
===========================================================================
Jim Jagielski [|] jim@jaguNET.com [|] http://www.jaguNET.com/
"A society that will trade a little liberty for a little order
will lose both and deserve neither" - T.Jefferson