Fossil SCM

Adds a content-length check after reading CGI stdin to ensure that we don't continue with a short read. Patch from Warren Young in /chat.

stephan 2021-12-20 08:37 trunk merge

Commit b5bb5a7764aff998ba48868b507553a4b93a0e36c70dc444c6eaee419a778eab

Parent fb683a3e02fb8ad…

1 file changed +3 -1

M src/cgi.c

+3 -1

		--- src/cgi.c
		+++ src/cgi.c
		@@ -1196,11 +1196,13 @@
1196	1196	g.zContentType = zType;
1197	1197	}
1198	1198	blob_zero(&g.cgiIn);
1199	1199	if( len>0 && zType ){
1200	1200	if( fossil_strcmp(zType, "application/x-fossil")==0 ){
1201		- blob_read_from_channel(&g.cgiIn, g.httpIn, len);
	1201	+ if( blob_read_from_channel(&g.cgiIn, g.httpIn, len)!=len ){
	1202	+ malformed_request("CGI content-length mismatch");
	1203	+ }
1202	1204	blob_uncompress(&g.cgiIn, &g.cgiIn);
1203	1205	}
1204	1206	#ifdef FOSSIL_ENABLE_JSON
1205	1207	else if( noJson==0 && g.json.isJsonMode!=0
1206	1208	&& json_can_consume_content_type(zType)!=0 ){
1207	1209

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1196,11 +1196,13 @@
1196	g.zContentType = zType;
1197	}
1198	blob_zero(&g.cgiIn);
1199	if( len>0 && zType ){
1200	if( fossil_strcmp(zType, "application/x-fossil")==0 ){
1201	blob_read_from_channel(&g.cgiIn, g.httpIn, len);


1202	blob_uncompress(&g.cgiIn, &g.cgiIn);
1203	}
1204	#ifdef FOSSIL_ENABLE_JSON
1205	else if( noJson==0 && g.json.isJsonMode!=0
1206	&& json_can_consume_content_type(zType)!=0 ){
1207

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1196,11 +1196,13 @@
1196	g.zContentType = zType;
1197	}
1198	blob_zero(&g.cgiIn);
1199	if( len>0 && zType ){
1200	if( fossil_strcmp(zType, "application/x-fossil")==0 ){
1201	if( blob_read_from_channel(&g.cgiIn, g.httpIn, len)!=len ){
1202	malformed_request("CGI content-length mismatch");
1203	}
1204	blob_uncompress(&g.cgiIn, &g.cgiIn);
1205	}
1206	#ifdef FOSSIL_ENABLE_JSON
1207	else if( noJson==0 && g.json.isJsonMode!=0
1208	&& json_can_consume_content_type(zType)!=0 ){
1209