RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 05:08:13 +00:00
Code Issues Activity Actions

LibHTTP: Trim received data to Content-Length

Browse source 
Apparently servers will feel free to pad their response if they send one
that contains a content-length field.
We should not assume that the entirety of the response is valid data.
This commit is contained in:
AnotherTest 2020-05-02 22:48:40 +04:30 committed by Andreas Kling
parent ce0bed0482
commit a63e8c4a03
2 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Libraries/LibHTTP/HttpJob.cpp
View file

@ -158,8 +158,11 @@ void HttpJob::on_socket_connected()
auto content_length_header = m_headers.get("Content-Length"); auto content_length_header = m_headers.get("Content-Length");
if (content_length_header.has_value()) { if (content_length_header.has_value()) {
bool ok; bool ok;
if (m_received_size >= content_length_header.value().to_uint(ok) && ok) auto content_length = content_length_header.value().to_uint(ok);
return finish_up(); if (ok && m_received_size >= content_length) {
m_received_size = content_length;
finish_up();
}
} }
}; };
} }

5
Libraries/LibHTTP/HttpsJob.cpp
View file

@ -168,8 +168,11 @@ void HttpsJob::on_socket_connected()
auto content_length_header = m_headers.get("Content-Length"); auto content_length_header = m_headers.get("Content-Length");
if (content_length_header.has_value()) { if (content_length_header.has_value()) {
bool ok; bool ok;
if (m_received_size >= content_length_header.value().to_uint(ok) && ok) auto content_length = content_length_header.value().to_uint(ok);
if (ok && m_received_size >= content_length) {
m_received_size = content_length;
finish_up(); finish_up();
}
} else { } else {
// no content-length, assume closed connection // no content-length, assume closed connection
finish_up(); finish_up();