[patch] Patch that utilizes strtoull to validate Content-Length

fix_sstp_content_length.patch (text/plain), 1.12 KB, created by Karsten on 2020-11-02 16:22:32 UTC

(hide)

Description: Patch that utilizes strtoull to validate Content-Length

Filename:

MIME Type:

Creator: Karsten

Created: 2020-11-02 16:22:32 UTC

Size: 1.12 KB

patch

obsolete

>diff -u httpd-2.4.46/server/protocol.c httpd-2.4.46/server/protocol.c >--- httpd-2.4.46/server/protocol.c 2020-10-30 09:59:36.841869766 +0000 >+++ httpd-2.4.46/server/protocol.c 2020-10-30 10:31:41.289510967 +0000 >@@ -1382,9 +1382,16 @@ > > clen = apr_table_get(r->headers_in, "Content-Length"); > if (clen) { >- apr_off_t cl; >- >- if (!ap_parse_strict_length(&cl, clen)) { >+ /* Works around https://github.com/apache/httpd/commit/2efe92b51dc4c33c907c9b8c17cb5038aad8038c >+ * This commit tests if content-length is a valid long >+ * (calls strtol). However SSTP specifies that content-length >+ * must be ULONGLONG_MAX (18446744073709551615). >+ * The next 4 lines will replace the strtol check with strtoull. >+ */ >+ char *end; >+ errno = 0; >+ strtoull(clen, &end, 10); >+ if ((errno != 0) || (*end != '\0') || (!apr_isdigit(*clen))) { > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242) > "client sent invalid Content-Length " > "(%s): %s", clen, r->uri); View Attachment As Diff View Attachment As Raw

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]