#915 check HTTP Content-Length size

If Content-Length is too large ogAdmServer, close the connection..
author: Javier Sánchez Parra <jsanchez@soleta.eu> 2019-09-09 17:00:15 +0200
committer: OpenGnSys Support Team <soporte-og@soleta.eu> 2019-09-10 11:10:34 +0200
commit: 8793b71a31e337cea0e499fd38257bbfa14bba7e (patch)
tree: 43dc67b7905c4d58cb80170133642f83ef3cbeff
parent: c1bee01aa1796ae51b3d0016d96e9e9f3b88681f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp b/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp
index 6e074f8c..357bf013 100644
--- a/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp
+++ b/admin/Sources/Services/ogAdmServer/sources/ogAdmServer.cpp
@@ -137,7 +137,7 @@ struct og_client {
 	unsigned int		msg_len;
 	int			keepalive_idx;
 	bool			rest;
-	unsigned int		content_length;
+	int			content_length;
 	char			auth_token[64];
 };
 
@@ -4167,6 +4167,8 @@ static int og_client_state_recv_hdr_rest(struct og_client *cli)
 	ptr = strstr(cli->buf, "Content-Length: ");
 	if (ptr) {
 		sscanf(ptr, "Content-Length: %i[^\r\n]", &cli->content_length);
+		if (cli->content_length < 0)
+			return -1;
 		cli->msg_len += cli->content_length;
 	}
author	Javier Sánchez Parra <jsanchez@soleta.eu>	2019-09-09 17:00:15 +0200
committer	OpenGnSys Support Team <soporte-og@soleta.eu>	2019-09-10 11:10:34 +0200
commit	8793b71a31e337cea0e499fd38257bbfa14bba7e (patch)
tree	43dc67b7905c4d58cb80170133642f83ef3cbeff
parent	c1bee01aa1796ae51b3d0016d96e9e9f3b88681f (diff)