Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2002/06/21 15:51:45 UTC
[PATCH] 2.0 - bad vs overflow
This seems a bit more accurate to me... Comments?
Index: modules/http/http_protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
retrieving revision 1.440
diff -u -r1.440 http_protocol.c
--- modules/http/http_protocol.c 19 Jun 2002 18:43:28 -0000 1.440
+++ modules/http/http_protocol.c 21 Jun 2002 13:44:28 -0000
@@ -795,6 +795,7 @@
else if (lenp) {
const char *pos = lenp;
int conversion_error = 0;
+ int ou_flow = 0;
/* This ensures that the number can not be negative. */
while (apr_isdigit(*pos) || apr_isspace(*pos)) {
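Review bot: `ou_flow` is an opaque name for what the later hunks use purely as an overflow flag. The scan loop on the next line admits only digits and whitespace, and the existing comment says the number cannot be negative, so an underflow does not look reachable; `int overflow = 0;` would describe the flag better. The same declaration is added in the hunk at 1719. The loop body continues outside this hunk.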
@@ -808,20 +809,29 @@
ctx->state = BODY_LENGTH;
ctx->remaining = strtol(lenp, &endstr, 10);
- if (errno || (endstr && *endstr)) {
+ if (errno == ERANGE) { /* depend on ANSI strtol */
+ ou_flow = 1;
+ }
+ else if (errno || (endstr && *endstr)) {
conversion_error = 1;
}
}
- if (*pos != '\0' || conversion_error) {
+ if (*pos != '\0' || conversion_error || ou_flow) {
apr_bucket_brigade *bb;
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
"Invalid Content-Length");
bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
- e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
+ if (ou_flow) {
+ e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
f->r->pool, f->c->bucket_alloc);
+ }
+ else {
+ e = ap_bucket_error_create(HTTP_BAD_REQUEST, NULL,
+ f->r->pool, f->c->bucket_alloc);
+ }
APR_BRIGADE_INSERT_TAIL(bb, e);
e = apr_bucket_eos_create(f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
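Review bot: The new `errno == ERANGE` test is only reliable if errno is cleared immediately before the `strtol` call, and that reset is not visible in this hunk, whereas the hunk at 1731 shows `errno = 0;` as context. If the reset is missing here, a stale ERANGE from an earlier call would be reported to the client as 413 even though the header value itself converted cleanly. Both branches also still log the same `"Invalid Content-Length"` text, so the error log cannot distinguish an oversized value from a malformed one; a separate message on the overflow branch, for example `"Content-Length too large"`, would make the two statuses traceable (the same applies to the hunk at 1731). The enclosing block starts and ends outside the hunk.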
@@ -1709,6 +1719,7 @@
else if (lenp) {
const char *pos = lenp;
int conversion_error = 0;
+ int ou_flow = 0;
while (apr_isdigit(*pos) || apr_isspace(*pos)) {
++pos;
@@ -1720,15 +1731,23 @@
errno = 0;
r->remaining = strtol(lenp, &endstr, 10);
- if (errno || (endstr && *endstr)) {
+ if (errno == ERANGE) { /* depend on ANSI strtol */
+ ou_flow = 1;
+ }
+ else if (errno || (endstr && *endstr)) {
conversion_error = 1;
}
}
- if (*pos != '\0' || conversion_error) {
+ if (*pos != '\0' || conversion_error || ou_flow) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Invalid Content-Length");
- return HTTP_BAD_REQUEST;
+ if (ou_flow) {
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
+ }
+ else {
+ return HTTP_BAD_REQUEST;
+ }
}
}
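Review bot: Neither branch of the new check catches a value from which `strtol` consumed no digits: for an empty header value the scan loop stops at the terminator, `endstr` equals `lenp`, `*endstr` is `'\0'`, and errno is not guaranteed to be set, so the request appears to be accepted with a length of 0. Extending the second condition to `else if (errno || endstr == lenp || (endstr && *endstr)) {` would route that case to HTTP_BAD_REQUEST; the identical condition in the filter hunk at 809 would need the same change. Whether an empty value can actually reach this code depends on header parsing outside the hunk. As a smaller point, the `if`/`else` around the two returns could be written as `return ou_flow ? HTTP_REQUEST_ENTITY_TOO_LARGE : HTTP_BAD_REQUEST;`.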
@@ -1738,6 +1757,7 @@
"%s with body is not allowed for %s", r->method, r->uri);
return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
+
#ifdef AP_DEBUG
{
--
===========================================================================
Jim Jagielski [|] jim@jaguNET.com [|] http://www.jaguNET.com/
"A society that will trade a little liberty for a little order
will lose both and deserve neither" - T.Jefferson