hrev54334 adds 1 changeset to branch 'master'
old head: 9bfdc55864e9d2d906c0a22c3ec8c69ee4ecc6cb
new head: d345666ea85184401e9812684f47c67dd5db946a
overview:
https://git.haiku-os.org/haiku/log/?qt=range&q=d345666ea851+%5E9bfdc55864e9
----------------------------------------------------------------------------
d345666ea851: libnetapi/HttpResult: improve Length() algorithm
`atoi()` maximum value is `LONG_MAX` which is smaller than `SIZE_MAX`.
This cause any Content-Length > LONG_MAX to be represented in an
erroneous value. This will also happen to any invalid Content-Length
header.
This change uses strtoul() for the extended range (should be the same as
size_t range), and combined with proper error checking to determine
whether the received Content-Length is a valid and/or representable
value. Returns 0 if the data is invalid or can not be represented.
Some shortcomings about the current implementation are also
noted accordingly. They will be solved in later patches.
Change-Id: If28c4c3b8430ed83dd0f600030ec8949cf7e0051
Reviewed-on: https://review.haiku-os.org/c/haiku/+/2927
Reviewed-by: waddlesplash <waddlesplash@xxxxxxxxx>
[ Leorize <leorize+oss@xxxxxxxxxxx> ]
----------------------------------------------------------------------------
Revision: hrev54334
Commit: d345666ea85184401e9812684f47c67dd5db946a
URL: https://git.haiku-os.org/haiku/commit/?id=d345666ea851
Author: Leorize <leorize+oss@xxxxxxxxxxx>
Date: Thu Jun 18 04:49:57 2020 UTC
Committer: waddlesplash <waddlesplash@xxxxxxxxx>
Commit-Date: Sat Jun 20 02:02:49 2020 UTC
----------------------------------------------------------------------------
1 file changed, 21 insertions(+), 1 deletion(-)
src/kits/network/libnetapi/HttpResult.cpp | 22 +++++++++++++++++++++-
----------------------------------------------------------------------------
diff --git a/src/kits/network/libnetapi/HttpResult.cpp
b/src/kits/network/libnetapi/HttpResult.cpp
index a9013b7064..015f53107d 100644
--- a/src/kits/network/libnetapi/HttpResult.cpp
+++ b/src/kits/network/libnetapi/HttpResult.cpp
@@ -87,7 +87,27 @@ BHttpResult::Length() const
const char* length = Headers()["Content-Length"];
if (length == NULL)
return 0;
- return atoi(length);
+
+ /* NOTE: Not RFC7230 compliant:
+ * - If Content-Length is a list, all values must be checked and
verified
+ * to be duplicates of each other, but this is currently not
supported.
+ */
+ size_t result = 0;
+ /* strtoul() will ignore a prefixed sign, so we verify that there aren't
+ * any before continuing (RFC7230 only permits digits).
+ *
+ * We can check length[0] directly because header values are trimmed by
+ * HttpHeader beforehand. */
+ if (length[0] != '-' || length[0] != '+') {
+ errno = 0;
+ char *endptr = NULL;
+ result = strtoul(length, &endptr, 10);
+ /* ERANGE will be signalled if the result is too large (which
can
+ * happen), in that case, return 0. */
+ if (errno != 0 || *endptr != '\0')
+ result = 0;
+ }
+ return result;
}
