From f442dd6496c8710c4000a078e8085238fdaa7545 Mon Sep 17 00:00:00 2001
From: Yang Tse <yangsita@gmail.com>
Date: Tue, 16 Feb 2010 11:17:00 +0000
Subject: fix Content-Length validation

---
 tests/server/rtspd.c | 6 ++++--
 tests/server/sws.c   | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'tests')

diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c
index c10b829aa..56111bd26 100644
--- a/tests/server/rtspd.c
+++ b/tests/server/rtspd.c
@@ -581,10 +581,12 @@ static int ProcessRequest(struct httprequest *req)
       char *endptr;
       char *ptr = line + 15;
       unsigned long clen = 0;
-      while(*ptr && (' ' == *ptr))
+      while(*ptr && ISSPACE(*ptr))
         ptr++;
+      endptr = ptr;
+      SET_ERRNO(0);
       clen = strtoul(ptr, &endptr, 10);
-      if((ptr == endptr) || ERRNO) {
+      if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) {
         /* this assumes that a zero Content-Length is valid */
         logmsg("Found invalid Content-Length: (%s) in the request", ptr);
         req->open = FALSE; /* closes connection */
diff --git a/tests/server/sws.c b/tests/server/sws.c
index b12b670b5..42446a9ac 100644
--- a/tests/server/sws.c
+++ b/tests/server/sws.c
@@ -500,10 +500,12 @@ static int ProcessRequest(struct httprequest *req)
       char *endptr;
       char *ptr = line + 15;
       unsigned long clen = 0;
-      while(*ptr && (' ' == *ptr))
+      while(*ptr && ISSPACE(*ptr))
         ptr++;
+      endptr = ptr;
+      SET_ERRNO(0);
       clen = strtoul(ptr, &endptr, 10);
-      if((ptr == endptr) || ERRNO) {
+      if((ptr == endptr) || !ISSPACE(*endptr) || (ERANGE == ERRNO)) {
         /* this assumes that a zero Content-Length is valid */
         logmsg("Found invalid Content-Length: (%s) in the request", ptr);
         req->open = FALSE; /* closes connection */
-- 
cgit v1.2.3