On 5/20/20 4:01 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Wed May 20 14:01:17 2020
> New Revision: 1877954
> 
> URL: http://svn.apache.org/viewvc?rev=1877954&view=rev
> Log:
> core,modules: provide/use ap_parse_strict_length() helper.
> 
> It helps simplify a lot of duplicated code based on apr_strtoff(), while
> also rejecting leading plus/minus signs which are disallowed in Content-Length
> and (Content-)Range headers.
> 
> Modified:
>     httpd/httpd/trunk/docs/log-message-tags/next-number
>     httpd/httpd/trunk/include/ap_mmn.h
>     httpd/httpd/trunk/include/httpd.h
>     httpd/httpd/trunk/modules/apreq/filter.c
>     httpd/httpd/trunk/modules/cache/mod_cache.c
>     httpd/httpd/trunk/modules/cache/mod_cache_disk.c
>     httpd/httpd/trunk/modules/cache/mod_cache_socache.c
>     httpd/httpd/trunk/modules/dav/main/mod_dav.c
>     httpd/httpd/trunk/modules/filters/mod_data.c
>     httpd/httpd/trunk/modules/filters/mod_reflector.c
>     httpd/httpd/trunk/modules/filters/mod_request.c
>     httpd/httpd/trunk/modules/http/byterange_filter.c
>     httpd/httpd/trunk/modules/http/http_filters.c
>     httpd/httpd/trunk/modules/mappers/mod_negotiation.c
>     httpd/httpd/trunk/modules/proxy/mod_proxy.c
>     httpd/httpd/trunk/modules/proxy/mod_proxy_ajp.c
>     httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
>     httpd/httpd/trunk/server/apreq_module_cgi.c
>     httpd/httpd/trunk/server/util.c
> 

> Modified: httpd/httpd/trunk/server/util.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?rev=1877954&r1=1877953&r2=1877954&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/util.c (original)
> +++ httpd/httpd/trunk/server/util.c Wed May 20 14:01:17 2020
> @@ -2673,6 +2673,15 @@ AP_DECLARE(apr_status_t) ap_timeout_para
>      return APR_SUCCESS;
>  }
>  
> +AP_DECLARE(int) ap_parse_strict_length(apr_off_t *len, const char *str)
> +{
> +    char *end;
> +
> +    return (apr_isdigit(*str)
> +            && apr_strtoff(len, str, &end, 10) == APR_SUCCESS
> +            && *end == '\0');
> +}
> +
>  /**
>   * Determine if a request has a request body or not.
>   *
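
Review bot: ap_parse_strict_length() dereferences str in apr_isdigit(*str) with no NULL check, so every caller has to guard the pointer itself. Either return 0 early when str is NULL, or state in the doc comment that str must be non-NULL. It is also worth documenting that *len is already written by apr_strtoff() before the *end == '\0' test runs, so on a 0 return (for example digits followed by trailing characters) the caller must not use *len.
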
> @@ -2682,20 +2691,13 @@ AP_DECLARE(apr_status_t) ap_timeout_para
>  AP_DECLARE(int) ap_request_has_body(request_rec *r)
>  {
>      apr_off_t cl;
> -    char *estr;
>      const char *cls;
> -    int has_body;
>  
> -    has_body = (!r->header_only
> -                && (r->kept_body
> -                    || apr_table_get(r->headers_in, "Transfer-Encoding")
> -                    || ( (cls = apr_table_get(r->headers_in, 
> "Content-Length"))
> -                        && (apr_strtoff(&cl, cls, &estr, 10) == APR_SUCCESS)
> -                        && (!*estr)
> -                        && (cl > 0) )
> -                    )
> -                );
> -    return has_body;
> +    return (!r->header_only
> +            && (r->kept_body
> +                || apr_table_get(r->headers_in, "Transfer-Encoding")
> +                || ((cls = apr_table_get(r->headers_in, "Content-Length"))
> +                    && ap_parse_strict_length(&cl, cls) && cl > 0)));
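
Review bot: in the Content-Length branch of ap_request_has_body(), the only thing keeping a NULL cls out of ap_parse_strict_length() is the short-circuit on (cls = apr_table_get(r->headers_in, "Content-Length")), since the helper does not check its argument. That ordering holds on these lines, but a NULL check inside the helper would stop the safety from depending on each call site. The change also alters behaviour for signed values: a Content-Length such as "+5" passed the old apr_strtoff()/!*estr/cl > 0 test and is now rejected by the apr_isdigit(*str) check, which deserves a line in the function's doc comment.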

Are we sure that cls is not NULL here? ap_parse_strict_length is not NULL safe :-)

Regards

Rüdiger
