Reject Content-Length over 2^31

Nobody's going to sit around waiting for > 2GB to download in one chunk

diff --git a/librtmp/hashswf.c b/librtmp/hashswf.c
index 6a2daf1c947cf372ac1609f1a65eb601c899ef14..32b2eed908ce75f69a8ff4c501956fd8bf4b6ba7 100644 (file)
--- a/librtmp/hashswf.c
+++ b/librtmp/hashswf.c
@@ -245,7 +245,7 @@ HTTP_get(struct HTTP_ctx *http, const char *url, HTTP_read_callback *cb)
            (sb.sb_start, "Content-Length: ", sizeof("Content-Length: ") - 1))
        {
          flen = strtol(sb.sb_start + sizeof("Content-Length: ") - 1, NULL, 10);
-         if (flen < 0 || ((flen == LONG_MAX || flen == LONG_MIN) && errno == ERANGE))
+         if (flen < 1 || flen > INT_MAX)
          {
            ret = HTTPRES_BAD_REQUEST;
            goto leave;

diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c
index 4cbb7115330e1793a33fd40bde4630e476cab66a..0865689ebf65c36711f7f373f3c008d407613334 100644 (file)
--- a/librtmp/rtmp.c
+++ b/librtmp/rtmp.c
@@ -4456,7 +4456,7 @@ restart:
   if (!ptr)
     return -1;
   hlen = strtol(ptr+16, NULL, 10);
-  if (hlen < 1 || ((hlen == LONG_MIN || hlen == LONG_MAX) && errno == ERANGE))
+  if (hlen < 1 || hlen > INT_MAX)
     return -1;
   ptr = strstr(ptr+16, "\r\n\r\n");
   if (!ptr)