View | Details | Raw Unified | Return to bug 85842
Collapse All | Expand All

(-)src/http/client/OW_HTTPClient.cpp (-2 / +6 lines)
Lines 922-929 Link Here
922 
	}
 922 
	}
923 
	else if (headerHasKey("Content-Length"))
 923 
	else if (headerHasKey("Content-Length"))
924 
	{
 924 
	{
925 
		rval = new HTTPLenLimitIStream(m_istr,
 925 
		Int64 clen = getHeaderValue("Content-Length").toInt64();
926 
			getHeaderValue("Content-Length").toInt32());
 926 
		if (clen < 0)
927 
		{
928 
			OW_THROW(HTTPException, "Invalid Content-Length");
929 
		}
930 
		rval = new HTTPLenLimitIStream(m_istr,clen);
927 
	}
 931 
	}
928 
	if (getHeaderValue("Content-Encoding").equalsIgnoreCase("deflate"))
 932 
	if (getHeaderValue("Content-Encoding").equalsIgnoreCase("deflate"))
929 
	{
 933 
	{
(-)src/http/common/OW_HTTPChunkedIStream.cpp (-1 / +1 lines)
Lines 71-77 Link Here
71 
		if (m_inLen == -1)
 71 
		if (m_inLen == -1)
72 
		{
 72 
		{
73 
			m_istr >> std::hex >> m_inLen >> std::dec;
 73 
			m_istr >> std::hex >> m_inLen >> std::dec;
74 
			if (m_istr.fail() || m_istr.bad())
 74 
			if (m_istr.fail() || m_istr.bad() || m_inLen < 0)
75 
			{
 75 
			{
76 
				return -1;
 76 
				return -1;
77 
			}
 77 
			}
(-)src/http/common/OW_HTTPLenLimitIStream.cpp (+7 lines)
Lines 62-67 Link Here
62 
	}
 62 
	}
63 
	// min of n and (length - pos)
 63 
	// min of n and (length - pos)
64 
	int tmpInLen = (n < (m_length - m_pos)) ? n : (m_length - m_pos);
 64 
	int tmpInLen = (n < (m_length - m_pos)) ? n : (m_length - m_pos);
65 
	if (tmpInLen > n)
66 
	{
67 
		// This shouldn't happen, but it could if m_length were
68 
		// negative (32bit vs. 64bit problem).  Check it here to
69 
		// prevent the possibility of a buffer overflow.
70 
		return -1;
71 
	}
65 
	m_istr.read(c, tmpInLen);
 72 
	m_istr.read(c, tmpInLen);
66 
	int lastRead = m_istr.gcount();
 73 
	int lastRead = m_istr.gcount();
67 
	m_pos += lastRead;
 74 
	m_pos += lastRead;

Return to bug 85842