From 36444f328fd5ce20c87d6a0e50f585d0817504c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Lindqvist?=
Date: Thu, 30 Oct 2014 13:37:48 +0100
Subject: [PATCH] http.server.requests: an upper limit is needed for the content-length header
---
 basis/http/server/requests/requests-tests.factor | 12 +++++++++++-
 basis/http/server/requests/requests.factor | 4 +++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/basis/http/server/requests/requests-tests.factor b/basis/http/server/requests/requests-tests.factor
index 691e91846d..afb3eb7b16 100644
--- a/basis/http/server/requests/requests-tests.factor
+++ b/basis/http/server/requests/requests-tests.factor
@@ -1,6 +1,6 @@
 USING: accessors assocs continuations http http.client http.client.private http.server http.server.requests io.streams.limited io.streams.string kernel
-multiline namespaces peg sequences splitting tools.test urls ;
+math math.parser multiline namespaces peg sequences splitting tools.test urls ;
 IN: http.server.requests.tests : normalize-nl ( str -- str' )
@@ -117,6 +117,16 @@ hello
 [ content-length>> -1234 = ] bi and ] must-fail-with
+! And too big
+[
+ { { "foo" "bar" } } "localhost" request>string
+ "7" upload-limit get 1 + number>string replace string>request
+] [
+ [ invalid-content-length? ]
+ [ content-length>> upload-limit get 1 + = ] bi and
+] must-fail-with
+
+
 ! RFC 2616: Section 4.1 ! In the interest of robustness, servers SHOULD ignore any empty ! line(s) received where a Request-Line is expected. In other words, if
diff --git a/basis/http/server/requests/requests.factor b/basis/http/server/requests/requests.factor
index 10c7c7b064..8348c029ff 100644
--- a/basis/http/server/requests/requests.factor
+++ b/basis/http/server/requests/requests.factor
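Review bot: The new "And too big" case in requests-tests.factor only exercises `upload-limit get 1 +`, so the inclusive upper bound is never pinned; nothing fails if the check later starts rejecting a length equal to the limit. A companion pair that rebinds the limit, for example `7 upload-limit [ ... string>request ] with-variable` parsing cleanly and the same request with `6` failing, would cover both sides of the boundary without needing a body anywhere near the real limit. The `"7" ... replace` substitution also rewrites every `7` in the serialized request, so it works only while the content-length value (presumably the 7-byte body) is the sole `7` in that string; a comment such as `! "7" is the content-length of the foo=bar body` would make that dependency visible.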
@@ -48,7 +48,9 @@ upload-limit [ 200,000,000 ] initialize
 : parse-content-length-safe ( request -- content-length ) "content-length" header [ dup string>number [
- nip dup 0 >= [ invalid-content-length ] unless
+ nip dup 0 upload-limit get between? [
+ invalid-content-length
+ ] unless
 ] [ invalid-content-length ] if* ] [ content-length-missing ] if* ;
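Review bot: The range check added to `parse-content-length-safe` bounds the magnitude of the header but not its form, so any value that `string>number` parses and that falls within 0..`upload-limit` is returned as the content length. `string>number` is Factor's general number parser and, as far as I know, also reads ratios, floats and radix-prefixed literals; a non-integer length accepted here is exactly where this server and a fronting proxy could disagree about where a request body ends. I would require an integer in the same test, `nip dup [ integer? ] [ 0 upload-limit get between? ] bi and [`, and add a `must-fail-with` case for a non-integer header value. Since `between?` is inclusive, a length equal to `upload-limit` is still accepted; a one-line comment such as `! upload-limit itself is allowed` would record that this is intended.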