[core] stricter parsing of POST chunked block hdr

2020-07-28 07:39:47 -04:00 · 2020-07-28 07:39:47 -04:00 · c3073b4da6
parent 9ca668c870
commit c3073b4da6
1 changed files with 6 additions and 0 deletions
--- a/src/connections-glue.c
+++ b/src/connections-glue.c
@ -148,6 +148,12 @@ static handler_t connection_handle_read_post_chunked(request_st * const r, chunk
                    te_chunked <<= 4;
                    te_chunked |= u;
                }
+                if (s == (unsigned char *)c->mem->ptr+c->offset) { /*(no hex)*/
+                    log_error(r->conf.errh, __FILE__, __LINE__,
+                      "chunked header invalid chars -> 400");
+                    /* 400 Bad Request */
+                    return connection_handle_read_post_error(r, 400);
+                }
                while (*s == ' ' || *s == '\t') ++s;
                if (*s != '\r' && *s != ';') {
                    log_error(r->conf.errh, __FILE__, __LINE__,