ASF Bugzilla – Attachment 37544 Details for Bug 64866: Too small Content-Length validation breaks SSTP
[patch] Patch that utilizes strtoull to validate Content-Length
fix_sstp_content_length.patch (text/plain), 1.12 KB, created by Karsten on 2020-11-02 16:22:32 UTC
>diff -u httpd-2.4.46/server/protocol.c httpd-2.4.46/server/protocol.c >--- httpd-2.4.46/server/protocol.c 2020-10-30 09:59:36.841869766 +0000 >+++ httpd-2.4.46/server/protocol.c 2020-10-30 10:31:41.289510967 +0000 >@@ -1382,9 +1382,16 @@ > > clen = apr_table_get(r->headers_in, "Content-Length"); > if (clen) { >- apr_off_t cl; >- >- if (!ap_parse_strict_length(&cl, clen)) { >+ /* Works around https://github.com/apache/httpd/commit/2efe92b51dc4c33c907c9b8c17cb5038aad8038c >+ * This commit tests if content-length is a valid long >+ * (calls strtol). However SSTP specifies that content-length >+ * must be ULONGLONG_MAX (18446744073709551615). >+ * The next 4 lines will replace the strtol check with strtoull. >+ */ >+ char *end; >+ errno = 0; >+ strtoull(clen, &end, 10); >+ if ((errno != 0) || (*end != '\0') || (!apr_isdigit(*clen))) { > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242) > "client sent invalid Content-Length " > "(%s): %s", clen, r->uri);
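Review bot: The `strtoull(clen, &end, 10)` call discards its result and the hunk drops `apr_off_t cl`, so this check now accepts any digit string up to the unsigned 64-bit maximum, including values that do not fit in the signed `apr_off_t` the removed `ap_parse_strict_length(&cl, clen)` call parsed into. The new condition runs for every request that carries Content-Length, not only SSTP ones, so the strict check is relaxed server-wide. Consider keeping `ap_parse_strict_length` as the default and allowing the larger range only for the SSTP request, so that a length accepted here is also one the rest of request handling can represent. The comment should name `ap_parse_strict_length` as the call being replaced, and since the hunk does not show the file's includes, confirm that `<errno.h>` is pulled in for `errno`.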