Add validation for HTTP connection sizes
authorGunnar Beutner <gunnar.beutner@icinga.com>
Wed, 31 Jan 2018 06:59:49 +0000 (07:59 +0100)
committerJean Flach <jean-marcel.flach@icinga.com>
Tue, 20 Feb 2018 12:32:04 +0000 (13:32 +0100)
lib/remote/httpchunkedencoding.cpp
lib/remote/httprequest.cpp

index e79d3483a9ca00e3b75c57b6a1baeb38ed9626b9..9981749c243d912f3b6e2bf7d69ce37e7e3ccc32 100644 (file)
@@ -37,6 +37,8 @@ StreamReadStatus HttpChunkedEncoding::ReadChunkFromStream(const Stream::Ptr& str
                msgbuf << std::hex << line;
                msgbuf >> context.LengthIndicator;
 
+               if (context.LengthIndicator < 0)
+                       BOOST_THROW_EXCEPTION(std::invalid_argument("HTTP chunk length must not be negative."));
        }
 
        StreamReadContext& scontext = context.StreamContext;
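Review bot: Only negative values are rejected by the added check, so a client can still declare an arbitrarily large chunk length, and the same gap exists for Content-Length in the HttpRequest::Parse hunk of lib/remote/httprequest.cpp. If the declared size decides how much data is buffered before the request is handled (that code is outside both hunks), an upper limit belongs next to the sign check, e.g. `if (context.LengthIndicator < 0 || context.LengthIndicator > max_chunk_size)`, where `max_chunk_size` is a placeholder for a limit the project would have to define. The result of `msgbuf >> context.LengthIndicator` is also never tested, so a size line that is not valid hex is not reported as malformed; checking `msgbuf.fail()` before using the value would cover that. ReadChunkFromStream starts and ends outside the hunk.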
index 546728d666daf33d228cd464b19777e2cad60d62..b85a3d0ecc4aa857df8464b11f0150c4a46bd6ec 100644 (file)
@@ -126,7 +126,12 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
                                src.MustRead = false;
                        }
 
-                       size_t length_indicator = Convert::ToLong(Headers->Get("content-length"));
+                       long length_indicator_signed = Convert::ToLong(Headers->Get("content-length"));
+
+                       if (length_indicator_signed < 0)
+                               BOOST_THROW_EXCEPTION(std::invalid_argument("Content-Length must not be negative."));
+
+                       size_t length_indicator = length_indicator_signed;
 
                        if (src.Size < length_indicator) {
                                src.MustRead = true;
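Review bot: The conversion from `long` to `size_t` on the last added line is implicit; since the sign check above it guarantees a non-negative value, `size_t length_indicator = static_cast<size_t>(length_indicator_signed);` would state that the conversion is intentional and keep sign-conversion warnings quiet. A short comment above the check, such as `// Reject negative values before converting to size_t, where they would wrap to a huge length.`, would record why the intermediate signed variable exists. HttpRequest::Parse starts and ends outside the hunk.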