From a63e8c4a0374ffd3e20a67260753d051c9a9c8dc Mon Sep 17 00:00:00 2001
From: AnotherTest
Date: Sat, 2 May 2020 22:48:40 +0430
Subject: [PATCH] LibHTTP: Trim received data to Content-Length
Apparently servers will feel free to pad their response if they send one that contains a content-length field. We should not assume that the entirety of the response is valid data.
---
 Libraries/LibHTTP/HttpJob.cpp | 7 +++++--
 Libraries/LibHTTP/HttpsJob.cpp | 5 ++++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/Libraries/LibHTTP/HttpJob.cpp b/Libraries/LibHTTP/HttpJob.cpp
index ae1165756b..8b1b0e8c9d 100644
--- a/Libraries/LibHTTP/HttpJob.cpp
+++ b/Libraries/LibHTTP/HttpJob.cpp
@@ -158,8 +158,11 @@ void HttpJob::on_socket_connected()
 auto content_length_header = m_headers.get("Content-Length");
 if (content_length_header.has_value()) {
 bool ok;
- if (m_received_size >= content_length_header.value().to_uint(ok) && ok)
- return finish_up();
+ auto content_length = content_length_header.value().to_uint(ok);
+ if (ok && m_received_size >= content_length) {
+ m_received_size = content_length;
+ finish_up();
+ }
 }
 };
 }
diff --git a/Libraries/LibHTTP/HttpsJob.cpp b/Libraries/LibHTTP/HttpsJob.cpp
index 412be193ce..c35575d025 100644
--- a/Libraries/LibHTTP/HttpsJob.cpp
+++ b/Libraries/LibHTTP/HttpsJob.cpp
@@ -168,8 +168,11 @@ void HttpsJob::on_socket_connected()
 auto content_length_header = m_headers.get("Content-Length");
 if (content_length_header.has_value()) {
 bool ok;
- if (m_received_size >= content_length_header.value().to_uint(ok) && ok)
+ auto content_length = content_length_header.value().to_uint(ok);
+ if (ok && m_received_size >= content_length) {
+ m_received_size = content_length;
 finish_up();
+ }
 } else {
 // no content-length, assume closed connection
 finish_up();
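Review bot: Lowering `m_received_size` to `content_length` only changes a counter; nothing in this hunk shortens the data that has already been buffered, so whether the padding is really dropped depends on `finish_up()`, which is outside the hunk. If `finish_up()` sizes its output from `m_received_size` and then copies every received chunk in full, a server that sends more than its declared length would make that copy run past the allocation, so the copy there needs to be bounded by the bytes remaining. The same assignment appears in the HttpsJob.cpp hunk. At minimum, a comment above the assignment should state the contract, e.g. `// finish_up() must copy at most m_received_size bytes; the buffers may hold trailing padding`.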
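Review bot: A Content-Length header that is present but does not parse (`ok` false) takes neither branch here, because the `else` pairs with `has_value()`; the "assume closed connection" path is skipped and `finish_up()` is not called from this block. What ends the job in that case is outside the hunk; if nothing does, a non-numeric or out-of-range value from the server leaves the job pending with its buffers held. Consider failing the job explicitly when `!ok`, or falling through to the no-length handling. The HttpJob.cpp hunk has the same `ok` gate with no fallback visible.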