From: wessels <> Date: Fri, 13 Mar 1998 12:39:34 +0000 (+0000) Subject: In clientProcessRequest(), check that we have a valid conten-length X-Git-Tag: SQUID_3_0_PRE1~3853 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31be8b8067ed4cfec56f6c04feb71930b29190eb;p=thirdparty%2Fsquid.git In clientProcessRequest(), check that we have a valid conten-length header for POST and PUT requests. --- diff --git a/src/client_side.cc b/src/client_side.cc index 484bfc4c1a..c7c3bdff9c 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side.cc,v 1.224 1998/03/11 22:18:47 rousskov Exp $ + * $Id: client_side.cc,v 1.225 1998/03/13 05:39:34 wessels Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -67,6 +67,7 @@ static HttpReply *clientConstructProxyAuthReply(clientHttpRequest * http); static int clientCachable(clientHttpRequest * http); static int clientHierarchical(clientHttpRequest * http); static int isTcpHit(log_type code); +static int clientCheckContentLength(request_t *r); static int checkAccelOnly(clientHttpRequest * http) @@ -688,6 +689,31 @@ clientParseRequestHeaders(clientHttpRequest * http) EBIT_TEST(request->flags, REQ_HIERARCHICAL) ? "SET" : "NOT SET"); } +static int +clientCheckContentLength(request_t *r) +{ + char *t; + int len; + /* + * We only require a request content-length for POST and PUT + */ + switch(r->method) { + case METHOD_POST: + case METHOD_PUT: + break; + default: + return 1; + break; + } + t = mime_get_header(r->headers, "Content-Length"); + if (t == NULL) + return 0; + len = atoi(t); + if (len < 0) + return 0; + return 1; +} + static int clientCachable(clientHttpRequest * http) { @@ -1256,7 +1282,8 @@ clientProcessRequest(clientHttpRequest * http) storeReleaseRequest(http->entry); storeBuffer(http->entry); rep = httpReplyCreate(); - httpReplySetHeaders(rep, 1.0, HTTP_OK, NULL, "text/plain", r->headers_sz, 0, squid_curtime); + httpReplySetHeaders(rep, 1.0, HTTP_OK, NULL, "text/plain", + r->headers_sz, 0, squid_curtime); httpReplySwapOut(rep, http->entry); httpReplyDestroy(rep); storeAppend(http->entry, r->headers, r->headers_sz); @@ -1264,19 +1291,12 @@ clientProcessRequest(clientHttpRequest * http) return; } /* yes, continue */ - } else if (r->protocol != PROTO_HTTP) { - (void) 0; /* fallthrough */ -#if OLD_POST_CODE - } else if (r->method == METHOD_POST) { - http->log_type = LOG_TCP_MISS; - passStart(fd, url, r, &http->out.size); - return; -#else - } - if ( r->method == METHOD_PUT || r->method == METHOD_POST ) { + } else if (r->method == METHOD_PUT || r->method == METHOD_POST) { http->log_type = LOG_TCP_MISS; + /* XXX oof, POST can be cached! */ pumpInit(fd, r, http->uri); -#endif + } else { + http->log_type = clientProcessRequest2(http); } http->log_type = clientProcessRequest2(http); debug(33, 4) ("clientProcessRequest: %s for '%s'\n", @@ -1715,6 +1735,15 @@ clientReadRequest(int fd, void *data) errorAppendEntry(http->entry, err); break; } + if (0 == clientCheckContentLength(request)) { + err = errorCon(ERR_INVALID_REQ, HTTP_LENGTH_REQUIRED); + err->src_addr = conn->peer.sin_addr; + err->request = requestLink(request); + http->al.http.code = err->http_status; + http->entry = clientCreateStoreEntry(http, request->method, 0); + errorAppendEntry(http->entry, err); + break; + } http->request = requestLink(request); clientAccessCheck(http); /*