diff options
author | Yang Tse <yangsita@gmail.com> | 2010-02-16 11:17:00 +0000 |
---|---|---|
committer | Yang Tse <yangsita@gmail.com> | 2010-02-16 11:17:00 +0000 |
commit | f442dd6496c8710c4000a078e8085238fdaa7545 (patch) | |
tree | 57750b13bbd750e693304920fa5a09e170ccdee9 | |
parent | bb2d9c3704c687a644f62fbc17c0a0a26bf406eb (diff) |
fix Content-Length validation
-rw-r--r-- | tests/server/rtspd.c | 6 | ||||
-rw-r--r-- | tests/server/sws.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c index c10b829aa..56111bd26 100644 --- a/tests/server/rtspd.c +++ b/tests/server/rtspd.c @@ -581,10 +581,12 @@ static int ProcessRequest(struct httprequest *req) char *endptr; char *ptr = line + 15; unsigned long clen = 0; - while(*ptr && (' ' == *ptr)) + while(*ptr && ISSPACE(*ptr)) ptr++; + endptr = ptr; + SET_ERRNO(0); clen = strtoul(ptr, &endptr, 10); - if((ptr == endptr) || ERRNO) { + if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) { /* this assumes that a zero Content-Length is valid */ logmsg("Found invalid Content-Length: (%s) in the request", ptr); req->open = FALSE; /* closes connection */ diff --git a/tests/server/sws.c b/tests/server/sws.c index b12b670b5..42446a9ac 100644 --- a/tests/server/sws.c +++ b/tests/server/sws.c @@ -500,10 +500,12 @@ static int ProcessRequest(struct httprequest *req) char *endptr; char *ptr = line + 15; unsigned long clen = 0; - while(*ptr && (' ' == *ptr)) + while(*ptr && ISSPACE(*ptr)) ptr++; + endptr = ptr; + SET_ERRNO(0); clen = strtoul(ptr, &endptr, 10); - if((ptr == endptr) || ERRNO) { + if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) { /* this assumes that a zero Content-Length is valid */ logmsg("Found invalid Content-Length: (%s) in the request", ptr); req->open = FALSE; /* closes connection */ |