Prevent possible badness if the HUGE value for Content-Length

maps, via atol, to a negative number.

PR:
Obtained from:
Submitted by:
Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@95733 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/src/main/http_protocol.c b/src/main/http_protocol.c
index 05b5ba72b0900c3628d49802018f7138b4a4cc19..c234cd03b7c2277cf6e42afe26fb3b23cedef94a 100644 (file)
--- a/src/main/http_protocol.c
+++ b/src/main/http_protocol.c
@@ -1994,6 +1994,12 @@ API_EXPORT(int) ap_setup_client_block(request_rec *r, int read_policy)
         }
 
         r->remaining = atol(lenp);
+        if (r->remaining < 0) {
+            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+              "Request content-length of %s maps to negative number %ld",
+              lenp, r->remaining);
+            return HTTP_BAD_REQUEST;
+        }
     }
 
     if ((r->read_body == REQUEST_NO_BODY) &&