commit e84475de51d6fd7b29354a997413472a99db70b2
Author: Theo van Hoesel <tvanhoesel@perceptyx.com>
Date: Thu Jun 16 08:28:30 2022 +0000
Fix Content-Length ', '-separated string issues
After a security issue, we ensure we comply to
RFC-7230 -- HTTP/1.1 Message Syntax and Routing
- section 3.3.2 -- Content-Length
- section 3.3.3 -- Message Body Length
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index c0cdf76..a5112b3 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -288,6 +288,32 @@ READ_HEADER:
}
elsif ($ct_len) {
+ # After a security issue, we ensure we comply to
+ # RFC-7230 -- HTTP/1.1 Message Syntax and Routing
+ # section 3.3.2 -- Content-Length
+ # section 3.3.3 -- Message Body Length
+
+ # split and clean up Content-Length ', ' separated string
+ my @vals = map {my $str = $_; $str =~ s/^\s+//; $str =~ s/\s+$//; $str }
+ split ',', $ct_len;
+ # check that they are all numbers (RFC: Content-Length = 1*DIGIT)
+ my @nums = grep { /^[0-9]+$/} @vals;
+ unless (@vals == @nums) {
+ $self->send_error(400);
+ $self->reason("Content-Length value must be a unsigned integer");
+ return;
+ }
+ # check they are all the same
+ my $ct_len = shift @nums;
+ foreach (@nums) {
+ next if $_ == $ct_len;
+ $self->send_error(400);
+ $self->reason("Content-Length values are not the same");
+ return;
+ }
+ # ensure we have now a fixed header, with only 1 value
+ $r->header('Content-Length' => $ct_len);
+
# Plain body specified by "Content-Length"
my $missing = $ct_len - length($buf);
while ($missing > 0) {
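Review bot: The `split ',', $ct_len` at the top of the added block drops trailing empty fields, so a header such as `Content-Length: 42,` yields a single element and passes the `1*DIGIT` check instead of being answered with 400. Passing a negative limit keeps those fields so the existing `grep` rejects them: `split /,/, $ct_len, -1`. The equality loop compares with `==`, so digit strings too long for a native integer are presumably compared as floating-point values and two different lengths could be treated as equal; a length cap in the pattern, or a string comparison after stripping leading zeros, would avoid that. The inner `my $ct_len` also shadows the variable tested in `elsif ($ct_len)`, and a distinct name would make it clearer which value the body-length arithmetic below uses. The surrounding if/elsif chain starts before this hunk and the `while` loop continues past it.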