-rw-r--r-- | ext/unicorn_http/c_util.h | 8 | ||||
-rw-r--r-- | test/unit/test_http_parser_ng.rb | 20 |
2 files changed, 26 insertions, 2 deletions
diff --git a/ext/unicorn_http/c_util.h b/ext/unicorn_http/c_util.h
index 8542b3d..ab1fc0e 100644
--- a/ext/unicorn_http/c_util.h
+++ b/ext/unicorn_http/c_util.h
@@ -108,8 +108,12 @@ static off_t parse_length(const char *value, size_t length)
 {
 off_t rv;
- for (rv = 0; length-- && rv >= 0; ++value)
- rv = step_incr(rv, *value, 10);
+ for (rv = 0; length-- && rv >= 0; ++value) {
+ if (*value >= '0' && *value <= '9')
+ rv = step_incr(rv, *value, 10);
+ else
+ return -1;
+ }
 return rv;
 }
diff --git a/test/unit/test_http_parser_ng.rb b/test/unit/test_http_parser_ng.rb
index 4980249..3b9111f 100644
--- a/test/unit/test_http_parser_ng.rb
+++ b/test/unit/test_http_parser_ng.rb
@@ -416,4 +416,24 @@ class HttpParserNgTest < Test::Unit::TestCase
 end
 end
+ def test_negative_content_length
+ req = {}
+ str = "PUT / HTTP/1.1\r\n" \
+ "Content-Length: -1\r\n" \
+ "\r\n"
+ assert_raises(HttpParserError) do
+ @parser.headers(req, str)
+ end
+ end
+ def test_invalid_content_length
+ req = {}
+ str = "PUT / HTTP/1.1\r\n" \
+ "Content-Length: zzzzz\r\n" \
+ "\r\n"
+ assert_raises(HttpParserError) do
+ @parser.headers(req, str)
+ end
+ end
+ end |
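Review bot: An empty value still parses as 0 in `parse_length`, because with `length == 0` the loop body never runs and `rv` is returned unchanged. If the caller can pass an empty header value (not visible in this hunk), a `Content-Length:` header with no digits would be accepted as a zero-length body instead of being rejected like the other malformed values. A guard before the loop, `if (length == 0) return -1;`, would close that gap. I would also add a short comment above the function, for example `/* returns -1 unless value is 1+ ASCII digits; callers must reject negative results */`, since strict handling of this header is what keeps the server and any proxy in front of it in agreement on where a request body ends.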
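Review bot: The two new tests only cover values with no valid digits at all (`-1` and `zzzzz`), so the per-character check added to `parse_length` is not pinned for values that start with digits. A third case with a mixed value, for example `"Content-Length: 1z\r\n"`, and one with a leading sign such as `"Content-Length: +1\r\n"`, would guard against a regression to lenient prefix parsing. The setup is identical across cases, so a small helper taking the header value and asserting `HttpParserError` would keep the additions short.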