From: Jim Jagielski <jim@apache.org>
Date: Mon, 17 Jun 2002 19:38:19 +0000 (+0000)
Subject: Prevent possible badness if the HUGE value for Content-Length
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eabcfa210aa09b130e8ba42cf19c36979e7d27d2;p=thirdparty%2Fapache%2Fhttpd.git

Prevent possible badness if the HUGE value for Content-Length
maps, via atol, to a negative number.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@95733 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/main/http_protocol.c b/src/main/http_protocol.c
index 05b5ba72b09..c234cd03b7c 100644
--- a/src/main/http_protocol.c
+++ b/src/main/http_protocol.c
@@ -1994,6 +1994,12 @@ API_EXPORT(int) ap_setup_client_block(request_rec *r, int read_policy)
         }
 
         r->remaining = atol(lenp);
+        if (r->remaining < 0) {
+            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+              "Request content-length of %s maps to negative number %ld",
+              lenp, r->remaining);
+            return HTTP_BAD_REQUEST;
+        }
     }
 
     if ((r->read_body == REQUEST_NO_BODY) &&