Browse Source

[core] stricter parsing of POST chunked block hdr

master
Glenn Strauss 11 months ago
parent
commit
c3073b4da6
  1. 6
      src/connections-glue.c

6
src/connections-glue.c

@ -148,6 +148,12 @@ static handler_t connection_handle_read_post_chunked(request_st * const r, chunk
te_chunked <<= 4;
te_chunked |= u;
}
if (s == (unsigned char *)c->mem->ptr+c->offset) { /*(no hex)*/
log_error(r->conf.errh, __FILE__, __LINE__,
"chunked header invalid chars -> 400");
/* 400 Bad Request */
return connection_handle_read_post_error(r, 400);
}
while (*s == ' ' || *s == '\t') ++s;
if (*s != '\r' && *s != ';') {
log_error(r->conf.errh, __FILE__, __LINE__,

Loading…
Cancel
Save