projects
/
project
/
luci.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
9483643
)
* luci/libs/http: added more sanity checks to mime decoder
author
Jo-Philipp Wich
<jow@openwrt.org>
Fri, 18 Jul 2008 14:19:56 +0000
(14:19 +0000)
committer
Jo-Philipp Wich
<jow@openwrt.org>
Fri, 18 Jul 2008 14:19:56 +0000
(14:19 +0000)
libs/http/luasrc/http/protocol.lua
patch
|
blob
|
history
diff --git
a/libs/http/luasrc/http/protocol.lua
b/libs/http/luasrc/http/protocol.lua
index
b035387
..
95712c9
100644
(file)
--- a/
libs/http/luasrc/http/protocol.lua
+++ b/
libs/http/luasrc/http/protocol.lua
@@
-455,13
+455,20
@@
function mimedecode_message_body( src, msg, filecb )
end
end
- local
field = { headers = { } }
+ local
tlen = 0
local inhdr = false
local inhdr = false
+ local field = nil
local store = nil
local lchunk = nil
local function snk( chunk )
local store = nil
local lchunk = nil
local function snk( chunk )
+ tlen = tlen + ( chunk and #chunk or 0 )
+
+ if msg.env.CONTENT_LENGTH and tlen > msg.env.CONTENT_LENGTH then
+ return nil, "Message body size exceeds Content-Length"
+ end
+
if chunk and not lchunk then
lchunk = "\r\n" .. chunk
if chunk and not lchunk then
lchunk = "\r\n" .. chunk
@@
-524,7
+531,11
@@
function mimedecode_message_body( src, msg, filecb )
lchunk = data:sub( #data - 78 + 1, #data )
data = data:sub( 1, #data - 78 )
lchunk = data:sub( #data - 78 + 1, #data )
data = data:sub( 1, #data - 78 )
- store( field.headers, data )
+ if store and field and field.name then
+ store( field.headers, data )
+ else
+ return nil, "Invalid MIME section header"
+ end
else
lchunk, data = data, nil
end
else
lchunk, data = data, nil
end
@@
-620,7
+631,7
@@
function parse_message_header( source )
-- Populate common environment variables
msg.env = {
-- Populate common environment variables
msg.env = {
- CONTENT_LENGTH =
msg.headers['Content-Length']
;
+ CONTENT_LENGTH =
tonumber(msg.headers['Content-Length'])
;
CONTENT_TYPE = msg.headers['Content-Type'];
REQUEST_METHOD = msg.request_method:upper();
REQUEST_URI = msg.request_uri;
CONTENT_TYPE = msg.headers['Content-Type'];
REQUEST_METHOD = msg.request_method:upper();
REQUEST_URI = msg.request_uri;