mirror of https://github.com/Icinga/icinga2.git
Add validation for HTTP connection sizes
This commit is contained in:
parent
3cb7d2dbd0
commit
0339a2b827
|
@ -37,6 +37,8 @@ StreamReadStatus HttpChunkedEncoding::ReadChunkFromStream(const Stream::Ptr& str
|
|||
msgbuf << std::hex << line;
|
||||
msgbuf >> context.LengthIndicator;
|
||||
|
||||
if (context.LengthIndicator < 0)
|
||||
BOOST_THROW_EXCEPTION(std::invalid_argument("HTTP chunk length must not be negative."));
|
||||
}
|
||||
|
||||
StreamReadContext& scontext = context.StreamContext;
|
||||
|
|
|
@ -131,7 +131,12 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
|
|||
src.MustRead = false;
|
||||
}
|
||||
|
||||
size_t length_indicator = Convert::ToLong(Headers->Get("content-length"));
|
||||
long length_indicator_signed = Convert::ToLong(Headers->Get("content-length"));
|
||||
|
||||
if (length_indicator_signed < 0)
|
||||
BOOST_THROW_EXCEPTION(std::invalid_argument("Content-Length must not be negative."));
|
||||
|
||||
size_t length_indicator = length_indicator_signed;
|
||||
|
||||
if (src.Size < length_indicator) {
|
||||
src.MustRead = true;
|
||||
|
|
Loading…
Reference in New Issue