#915 check HTTP Content-Length size

If Content-Length is too large ogAdmServer, close the connection..
author: Javier Sánchez Parra <jsanchez@soleta.eu> 2019-09-09 17:00:15 +0200
committer: OpenGnSys Support Team <soporte-og@soleta.eu> 2019-09-10 11:10:34 +0200
commit: 36ad0061d76efb9ae774f7043aaaece550eb17c2 (patch)
tree: 50899bc3361823b23d68649b8f59d72b4ddb4a44
parent: 64e653773e7d12f7afd9fcd7725b6a2921fe91a2 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/sources/ogAdmServer.cpp b/sources/ogAdmServer.cpp
index 6e074f8..357bf01 100644
--- a/sources/ogAdmServer.cpp
+++ b/sources/ogAdmServer.cpp
@@ -137,7 +137,7 @@ struct og_client {
 	unsigned int		msg_len;
 	int			keepalive_idx;
 	bool			rest;
-	unsigned int		content_length;
+	int			content_length;
 	char			auth_token[64];
 };
 
@@ -4167,6 +4167,8 @@ static int og_client_state_recv_hdr_rest(struct og_client *cli)
 	ptr = strstr(cli->buf, "Content-Length: ");
 	if (ptr) {
 		sscanf(ptr, "Content-Length: %i[^\r\n]", &cli->content_length);
+		if (cli->content_length < 0)
+			return -1;
 		cli->msg_len += cli->content_length;
 	}
author	Javier Sánchez Parra <jsanchez@soleta.eu>	2019-09-09 17:00:15 +0200
committer	OpenGnSys Support Team <soporte-og@soleta.eu>	2019-09-10 11:10:34 +0200
commit	36ad0061d76efb9ae774f7043aaaece550eb17c2 (patch)
tree	50899bc3361823b23d68649b8f59d72b4ddb4a44
parent	64e653773e7d12f7afd9fcd7725b6a2921fe91a2 (diff)