Posted to cvs@httpd.apache.org by ma...@apache.org on 2023/03/07 01:51:02 UTC
svn commit: r1908144 - /httpd/httpd/trunk/modules/dav/fs/quota.c
Author: manu
Date: Tue Mar 7 01:51:02 2023
New Revision: 1908144
URL: http://svn.apache.org/viewvc?rev=1908144&view=rev
Log:
Use ap_parse_strict_length() to parse client-supplied Content-Length
Modified:
httpd/httpd/trunk/modules/dav/fs/quota.c
Modified: httpd/httpd/trunk/modules/dav/fs/quota.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/fs/quota.c?rev=1908144&r1=1908143&r2=1908144&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/fs/quota.c (original)
+++ httpd/httpd/trunk/modules/dav/fs/quota.c Tue Mar 7 01:51:02 2023
@@ -320,12 +320,20 @@ int dav_fs_quota_precondition(request_re
/*
* If PUT has Content-Length, we can forecast overquota
*/
- if ((lenhdr = apr_table_get(r->headers_in, "Content-Length")) &&
- (atol(lenhdr) > available_bytes)) {
- status = HTTP_INSUFFICIENT_STORAGE;
- *err = dav_new_error_tag(r->pool, status, 0, 0,
- msg, NULL, tag);
- goto out;
+ if (lenhdr = apr_table_get(r->headers_in, "Content-Length")) {
+ if (!ap_parse_strict_length(&size, lenhdr)) {
+ status = HTTP_BAD_REQUEST;
+ *err = dav_new_error(r->pool, status, 0, 0,
+ "client sent invalid Content-Length");
+ goto out;
+ }
+
+ if (size > available_bytes) {
+ status = HTTP_INSUFFICIENT_STORAGE;
+ *err = dav_new_error_tag(r->pool, status, 0, 0,
+ msg, NULL, tag);
+ goto out;
+ }
}
break;
case M_COPY: /* FALLTHROUGH */
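Review bot: The new outer test `if (lenhdr = apr_table_get(r->headers_in, "Content-Length")) {` uses an assignment as a truth value and drops the extra parentheses the old code had, so it trips `-Wparentheses` and reads like a mistyped `==`. Write it as `if ((lenhdr = apr_table_get(r->headers_in, "Content-Length")) != NULL) {`. The declarations of `size` and `available_bytes` lie outside this hunk, as does the rest of dav_fs_quota_precondition. `size` has to be an `apr_off_t` for `ap_parse_strict_length()`, and `available_bytes` should be confirmed to have the same signed type so that `size > available_bytes` is not subject to an implicit conversion. A short comment above the block, such as `/* Forecast only: a body sent without Content-Length is not checked here */`, would make clear that this precondition does not enforce the quota for chunked uploads.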