From b05f096d5feb6b7687e8a99f3421899447f099bd Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Sun, 14 Jul 2002 13:18:58 +0000 Subject: Streamline the handling of C-L values in the common case by using the known properties of ANSI strtol. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96052 13f79535-47bb-0310-9956-ffa450edef68 --- modules/http/http_protocol.c | 51 +++++++++++++++++--------------------------- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index 4c0309c5f4..45a0865574 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -797,27 +797,23 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, } } else if (lenp) { - const char *pos = lenp; int conversion_error = 0; + char *endstr; - /* This ensures that the number can not be negative. */ - while (apr_isdigit(*pos) || apr_isspace(*pos)) { - ++pos; - } - - if (*pos == '\0') { - char *endstr; - - errno = 0; - ctx->state = BODY_LENGTH; - ctx->remaining = strtol(lenp, &endstr, 10); - - if (errno || (endstr && *endstr)) { - conversion_error = 1; - } + ctx->state = BODY_LENGTH; + errno = 0; + ctx->remaining = strtol(lenp, &endstr, 10); /* we depend on ANSI */ + + /* This protects us from over/underflow (the errno check), + * non-digit chars in the string (excluding leading space) + * (the endstr checks) and a negative number. Depending + * on the strtol implementation, the errno check may also + * trigger on an all whitespace string */ + if (errno || (endstr && *endstr) || (ctx->remaining < 0)) { + conversion_error = 1; } - if (*pos != '\0' || conversion_error) { + if (conversion_error) { apr_bucket_brigade *bb; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r, @@ -1710,25 +1706,18 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy) r->read_chunked = 1; } else if (lenp) { - const char *pos = lenp; int conversion_error = 0; + char *endstr; - while (apr_isdigit(*pos) || apr_isspace(*pos)) { - ++pos; - } - - if (*pos == '\0') { - char *endstr; + errno = 0; + r->remaining = strtol(lenp, &endstr, 10); /* depend on ANSI */ - errno = 0; - r->remaining = strtol(lenp, &endstr, 10); - - if (errno || (endstr && *endstr)) { - conversion_error = 1; - } + /* See comments in ap_http_filter() */ + if (errno || (endstr && *endstr) || (r->remaining < 0)) { + conversion_error = 1; } - if (*pos != '\0' || conversion_error) { + if (conversion_error) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid Content-Length"); return HTTP_BAD_REQUEST; -- cgit v1.2.3