VladPolskiy/apache_httpd
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-07-23 00:50:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use ap_parse_strict_length() to parse client-supplied Content-Length

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908144 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
manu
2023-03-07 01:51:02 +00:00
parent 1f89cbb0d5
commit e653b97abc
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/dav/fs/quota.c
View File

@ -320,12 +320,20 @@ int dav_fs_quota_precondition(request_rec *r,
/*
* If PUT has Content-Length, we can forecast overquota
*/
if ((lenhdr = apr_table_get(r->headers_in, "Content-Length")) &&
(atol(lenhdr) > available_bytes)) {
status = HTTP_INSUFFICIENT_STORAGE;
*err = dav_new_error_tag(r->pool, status, 0, 0,
msg, NULL, tag);
goto out;
if (lenhdr = apr_table_get(r->headers_in, "Content-Length")) {
if (!ap_parse_strict_length(&size, lenhdr)) {
status = HTTP_BAD_REQUEST;
*err = dav_new_error(r->pool, status, 0, 0,
"client sent invalid Content-Length");
goto out;
}
if (size > available_bytes) {
status = HTTP_INSUFFICIENT_STORAGE;
*err = dav_new_error_tag(r->pool, status, 0, 0,
msg, NULL, tag);
goto out;
}
}
break;
case M_COPY: /* FALLTHROUGH */