Add validation for HTTP connection sizes
authorGunnar Beutner <gunnar.beutner@icinga.com>
Wed, 31 Jan 2018 06:59:49 +0000 (07:59 +0100)
committerJean Flach <jean-marcel.flach@icinga.com>
Fri, 23 Feb 2018 07:31:28 +0000 (08:31 +0100)
lib/remote/httpchunkedencoding.cpp
lib/remote/httprequest.cpp

index 8903a4305718f6d6873f011fec73b2dd3afed81d..32d7c199cd9131a7ab0fc692691c0dfd8d074774 100644 (file)
@@ -37,6 +37,8 @@ StreamReadStatus HttpChunkedEncoding::ReadChunkFromStream(const Stream::Ptr& str
                msgbuf << std::hex << line;
                msgbuf >> context.LengthIndicator;
 
+               if (context.LengthIndicator < 0)
+                       BOOST_THROW_EXCEPTION(std::invalid_argument("HTTP chunk length must not be negative."));
        }
 
        StreamReadContext& scontext = context.StreamContext;
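Review bot: The added test in `ReadChunkFromStream` looks only at the sign, so a chunk-size line that is not valid hex, or that overflows the target type, is still accepted, because the state of `msgbuf` is never checked after `msgbuf >> context.LengthIndicator`. Since C++11 a failed extraction stores 0, and an overflowing one stores the type's limit, while setting `failbit`; neither value is negative, so a malformed line would presumably be treated as a legitimate length (0 most likely as an end-of-body chunk, though that handling is outside the hunk). Checking the stream in the same condition closes the gap: `if (msgbuf.fail() || context.LengthIndicator < 0)`. The declaration of `LengthIndicator` is not visible here, so its signedness is inferred from the comparison, and the function body starts and ends outside the hunk.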
index 43918c3223fa4c422f32b4a110e68822a914a635..0a2f161abd62cbe3e32dc7ebd5a7d0dd7775c48f 100644 (file)
@@ -131,7 +131,12 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
                                src.MustRead = false;
                        }
 
-                       size_t length_indicator = Convert::ToLong(Headers->Get("content-length"));
+                       long length_indicator_signed = Convert::ToLong(Headers->Get("content-length"));
+
+                       if (length_indicator_signed < 0)
+                               BOOST_THROW_EXCEPTION(std::invalid_argument("Content-Length must not be negative."));
+
+                       size_t length_indicator = length_indicator_signed;
 
                        if (src.Size < length_indicator) {
                                src.MustRead = true;
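Review bot: `Content-Length` still has no upper bound after this change: every value from 0 up to the maximum of `long` passes the new sign test and is then compared with `src.Size`, which sets `src.MustRead` and presumably keeps the connection waiting for a body of whatever size the peer declared. A limit tested next to the sign check would bound that, e.g. `if (length_indicator_signed < 0 || length_indicator_signed > max_body_size)`, where `max_body_size` is a placeholder for a limit the project would have to define. The chunk length accepted in `lib/remote/httpchunkedencoding.cpp` has the same gap. `HttpRequest::Parse` starts and ends outside the hunk, so a limit enforced elsewhere cannot be ruled out from here.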