RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-20 18:15:07 +00:00
Code Issues Activity Actions

LibHTTP: Trim received data to Content-Length

Browse source 
Apparently servers will feel free to pad their response if they send one
that contains a content-length field.
We should not assume that the entirety of the response is valid data.
This commit is contained in:
AnotherTest 2020-05-02 22:48:40 +04:30 committed by Andreas Kling
parent ce0bed0482
commit a63e8c4a03
2 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Libraries/LibHTTP/HttpJob.cpp
View file

@ -158,8 +158,11 @@ void HttpJob::on_socket_connected()
auto content_length_header = m_headers.get("Content-Length");
if (content_length_header.has_value()) {
bool ok;
if (m_received_size >= content_length_header.value().to_uint(ok) && ok)
return finish_up();
auto content_length = content_length_header.value().to_uint(ok);
if (ok && m_received_size >= content_length) {
m_received_size = content_length;
finish_up();
}
}
};
}