From e84475de51d6fd7b29354a997413472a99db70b2 Mon Sep 17 00:00:00 2001 From: Theo van Hoesel Date: Thu, 16 Jun 2022 08:28:30 +0000 Subject: [PATCH] Fix Content-Length ', '-separated string issues After a security issue, we ensure we comply to RFC-7230 -- HTTP/1.1 Message Syntax and Routing - section 3.3.2 -- Content-Length - section 3.3.3 -- Message Body Length --- lib/HTTP/Daemon.pm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm index c0cdf76..a5112b3 100644 --- a/lib/HTTP/Daemon.pm +++ b/lib/HTTP/Daemon.pm @@ -288,6 +288,32 @@ READ_HEADER: } elsif ($len) { + # After a security issue, we ensure we comply to + # RFC-7230 -- HTTP/1.1 Message Syntax and Routing + # section 3.3.2 -- Content-Length + # section 3.3.3 -- Message Body Length + + # split and clean up Content-Length ', ' separated string + my @vals = map {my $str = $_; $str =~ s/^\s+//; $str =~ s/\s+$//; $str } + split ',', $len; + # check that they are all numbers (RFC: Content-Length = 1*DIGIT) + my @nums = grep { /^[0-9]+$/} @vals; + unless (@vals == @nums) { + $self->send_error(400); + $self->reason("Content-Length value must be a unsigned integer"); + return; + } + # check they are all the same + my $len = shift @nums; + foreach (@nums) { + next if $_ == $len; + $self->send_error(400); + $self->reason("Content-Length values are not the same"); + return; + } + # ensure we have now a fixed header, with only 1 value + $r->header('Content-Length' => $len); + # Plain body specified by "Content-Length" my $missing = $len - length($buf); while ($missing > 0) {