Add validation for HTTP connection sizes

Gunnar Beutner 2018-01-31 07:59:49 +01:00 committed by Jean Flach
parent c7ae986d94
commit 2789d1a859
2 changed files with 8 additions and 1 deletions


@ -37,6 +37,8 @@ StreamReadStatus HttpChunkedEncoding::ReadChunkFromStream(const Stream::Ptr& str
msgbuf << std::hex << line;
msgbuf >> context.LengthIndicator;
if (context.LengthIndicator < 0)
BOOST_THROW_EXCEPTION(std::invalid_argument("HTTP chunk length must not be negative."));
}
StreamReadContext& scontext = context.StreamContext;
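Review bot: The new check on `context.LengthIndicator` rejects only negative values, so a peer can still declare an arbitrarily large chunk; the same gap applies to the `Content-Length` check added in `HttpRequest::Parse` in the second file. If no limit is enforced elsewhere (not visible here), the reader may go on buffering until the declared size arrives, so an upper bound belongs next to the sign check, e.g. `if (context.LengthIndicator < 0 || context.LengthIndicator > MAX_CHUNK_LENGTH)`, where `MAX_CHUNK_LENGTH` is a placeholder for a project-chosen limit. Separately, the result of `msgbuf >> context.LengthIndicator` is not tested, so a non-hex length line is not rejected as malformed; `if (!(msgbuf >> context.LengthIndicator))` would catch it. The enclosing function starts and continues outside the hunk.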


@ -126,7 +126,12 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
src.MustRead = false;
}
size_t length_indicator = Convert::ToLong(Headers->Get("content-length"));
long length_indicator_signed = Convert::ToLong(Headers->Get("content-length"));
if (length_indicator_signed < 0)
BOOST_THROW_EXCEPTION(std::invalid_argument("Content-Length must not be negative."));
size_t length_indicator = length_indicator_signed;
if (src.Size < length_indicator) {
src.MustRead = true;
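Review bot: The assignment `size_t length_indicator = length_indicator_signed;` relies on an implicit signed-to-unsigned conversion that is only safe because of the throw two lines above. Making that explicit keeps the dependency visible if the check is later moved: `size_t length_indicator = static_cast<size_t>(length_indicator_signed);` with a comment such as `// non-negative: checked above`. The body of `HttpRequest::Parse` continues outside the hunk, so how `length_indicator` is used after the `src.Size` comparison is not visible here.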