summaryrefslogtreecommitdiffstats
path: root/server/util.c
diff options
context:
space:
mode:
authorYann Ylavic <ylavic@apache.org>2020-05-20 16:01:17 +0200
committerYann Ylavic <ylavic@apache.org>2020-05-20 16:01:17 +0200
commit11d03dc86a9642a4af44c40122299b7efad47775 (patch)
tree23576af687aa6d5ad87abb8307bb4e3006741f1e /server/util.c
parentlognos (diff)
downloadapache2-11d03dc86a9642a4af44c40122299b7efad47775.tar.xz
apache2-11d03dc86a9642a4af44c40122299b7efad47775.zip
core,modules: provide/use ap_parse_strict_length() helper.
It helps simplifying a lot of duplicated code based on apr_strtoff(), while also rejecting leading plus/minus signs which are dissalowed in Content-Length and (Content-)Range headers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877954 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r--server/util.c28
1 files changed, 15 insertions, 13 deletions
diff --git a/server/util.c b/server/util.c
index 7603895e02..59e273e911 100644
--- a/server/util.c
+++ b/server/util.c
@@ -2673,6 +2673,15 @@ AP_DECLARE(apr_status_t) ap_timeout_parameter_parse(
return APR_SUCCESS;
}
+AP_DECLARE(int) ap_parse_strict_length(apr_off_t *len, const char *str)
+{
+ char *end;
+
+ return (apr_isdigit(*str)
+ && apr_strtoff(len, str, &end, 10) == APR_SUCCESS
+ && *end == '\0');
+}
+
/**
* Determine if a request has a request body or not.
*
@@ -2682,20 +2691,13 @@ AP_DECLARE(apr_status_t) ap_timeout_parameter_parse(
AP_DECLARE(int) ap_request_has_body(request_rec *r)
{
apr_off_t cl;
- char *estr;
const char *cls;
- int has_body;
-
- has_body = (!r->header_only
- && (r->kept_body
- || apr_table_get(r->headers_in, "Transfer-Encoding")
- || ( (cls = apr_table_get(r->headers_in, "Content-Length"))
- && (apr_strtoff(&cl, cls, &estr, 10) == APR_SUCCESS)
- && (!*estr)
- && (cl > 0) )
- )
- );
- return has_body;
+
+ return (!r->header_only
+ && (r->kept_body
+ || apr_table_get(r->headers_in, "Transfer-Encoding")
+ || ((cls = apr_table_get(r->headers_in, "Content-Length"))
+ && ap_parse_strict_length(&cl, cls) && cl > 0)));
}
/**