didn't have much choice but to branch that file. this is already committedunlabeled-1.436.2

to HEAD. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/unlabeled-1.436.2@95741 13f79535-47bb-0310-9956-ffa450edef68
author: Cliff Woolley <jwoolley@apache.org> 2002-06-17 23:06:58 +0000
committer: Cliff Woolley <jwoolley@apache.org> 2002-06-17 23:06:58 +0000
commit: e82dbf6f7fd1f4a3750247901d8b8cd1c92364df (patch)
tree: d313df7f8b4e080cdf98bfcd94810197f7c9eec5
parent: bbc49505b385c8d5b0f195bae5750cdcee88518e (diff)
download: httpd-unlabeled-1.436.2.tar.gz
1 files changed, 37 insertions, 5 deletions
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index 7cdc2b8e6e..73e77c086b 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -794,14 +794,37 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
         }
         else if (lenp) {
             const char *pos = lenp;
+            int conversion_error = 0;
 
+            /* This ensures that the number can not be negative. */
             while (apr_isdigit(*pos) || apr_isspace(*pos)) {
                 ++pos;
             }
 
             if (*pos == '\0') {
+                char *endstr;
                 ctx->state = BODY_LENGTH;
-                ctx->remaining = atol(lenp);
+                ctx->remaining = strtol(lenp, &endstr, 10);
+
+                if (errno == ERANGE) {
+                    conversion_error = 1; 
+                }
+            }
+
+            if (*pos != '\0' || conversion_error) {
+                apr_bucket_brigade *bb;
+
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
+                              "Invalid Content-Length");
+
+                bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
+                e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
+                                           f->r->pool, f->c->bucket_alloc);
+                APR_BRIGADE_INSERT_TAIL(bb, e);
+                e = apr_bucket_eos_create(f->c->bucket_alloc);
+                APR_BRIGADE_INSERT_TAIL(bb, e);
+                ctx->eos_sent = 1;
+                return ap_pass_brigade(f->r->output_filters, bb);
             }
             
             /* If we have a limit in effect and we know the C-L ahead of
@@ -1683,17 +1706,26 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
     }
     else if (lenp) {
         const char *pos = lenp;
+        int conversion_error = 0;
 
         while (apr_isdigit(*pos) || apr_isspace(*pos)) {
             ++pos;
         }
-        if (*pos != '\0') {
+
+        if (*pos == '\0') {
+            char *endstr;
+            r->remaining = strtol(lenp, &endstr, 10);
+
+            if (errno == ERANGE || errno == EINVAL) {
+                conversion_error = 1; 
+            }
+        }
+
+        if (*pos != '\0' || conversion_error) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "Invalid Content-Length %s", lenp);
+                          "Invalid Content-Length");
             return HTTP_BAD_REQUEST;
         }
-
-        r->remaining = atol(lenp);
     }
 
     if ((r->read_body == REQUEST_NO_BODY)
author	Cliff Woolley <jwoolley@apache.org>	2002-06-17 23:06:58 +0000
committer	Cliff Woolley <jwoolley@apache.org>	2002-06-17 23:06:58 +0000
commit	e82dbf6f7fd1f4a3750247901d8b8cd1c92364df (patch)
tree	d313df7f8b4e080cdf98bfcd94810197f7c9eec5
parent	bbc49505b385c8d5b0f195bae5750cdcee88518e (diff)
download	httpd-unlabeled-1.436.2.tar.gz