Lines 427-436
|
427 |
apr_off_t bytes_streamed = 0; |
427 |
apr_off_t bytes_streamed = 0; |
428 |
|
428 |
|
429 |
if (old_cl_val) { |
429 |
if (old_cl_val) { |
|
|
430 |
char *endstr; |
431 |
|
430 |
add_cl(p, bucket_alloc, header_brigade, old_cl_val); |
432 |
add_cl(p, bucket_alloc, header_brigade, old_cl_val); |
431 |
if (APR_SUCCESS != (status = apr_strtoff(&cl_val, old_cl_val, NULL, |
433 |
status = apr_strtoff(&cl_val, old_cl_val, &endstr, 10); |
432 |
0))) { |
434 |
|
433 |
return HTTP_INTERNAL_SERVER_ERROR; |
435 |
if (status || *endstr || endstr == old_cl_val || cl_val < 0) { |
|
|
436 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, |
437 |
"proxy: could not parse request Content-Length (%s)", |
438 |
old_cl_val); |
439 |
return HTTP_BAD_REQUEST; |
434 |
} |
440 |
} |
435 |
} |
441 |
} |
436 |
terminate_headers(bucket_alloc, header_brigade); |
442 |
terminate_headers(bucket_alloc, header_brigade); |
Lines 463-470
|
463 |
* |
469 |
* |
464 |
* Prevents HTTP Response Splitting. |
470 |
* Prevents HTTP Response Splitting. |
465 |
*/ |
471 |
*/ |
466 |
if (bytes_streamed > cl_val) |
472 |
if (bytes_streamed > cl_val) { |
467 |
continue; |
473 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
|
|
474 |
"proxy: read more bytes of request body than expected " |
475 |
"(got %" APR_OFF_T_FMT ", expected %" APR_OFF_T_FMT ")", |
476 |
bytes_streamed, cl_val); |
477 |
return HTTP_INTERNAL_SERVER_ERROR; |
478 |
} |
468 |
|
479 |
|
469 |
if (header_brigade) { |
480 |
if (header_brigade) { |
470 |
/* we never sent the header brigade, so go ahead and |
481 |
/* we never sent the header brigade, so go ahead and |
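Review bot: In the first hunk (new lines 432-435) `add_cl(p, bucket_alloc, header_brigade, old_cl_val)` still runs before the value is validated, and it forwards the client's raw string rather than the number that was parsed. As far as I know `apr_strtoff` follows strtol-style parsing, so a value with leading whitespace or a `+` sign would pass the `*endstr` / `endstr == old_cl_val` / `cl_val < 0` checks and reach the backend verbatim, where a different parser may read the length differently. I would move the call below the error check and emit the canonical form, e.g. `add_cl(p, bucket_alloc, header_brigade, apr_off_t_toa(p, cl_val));`. A short comment above the check saying that a malformed or negative request Content-Length is rejected with 400 so that proxy and backend agree on body framing would also help. The enclosing function starts and ends outside both hunks, so whether the brigades need cleanup on the new early returns cannot be judged from here.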