Commit 7cab422

core: Fix Content-Length parsing
Issue discovered during OpenSIPS Security Audit 2022, by Alfred Farrugia & Sandro Gauci (Enable Security) GHSA-c6j5-f4h4-2xrq
1 parent 2cdd76f commit 7cab422

1 file changed, +5 -3 lines changed

Diff for: parser/parse_content.c

@@ -241,12 +241,14 @@ char* parse_content_length( char* buffer, char* end, int* length)
241241
size = 0;
242242
number = 0;
243243
while (p<end && *p>='0' && *p<='9') {
244-
number = number*10 + (*p)-'0';
245-
if (number<0) {
246-
LM_ERR("number overflow at pos %d in len number [%.*s]\n",
244+
/* do not actually cause an integer overflow, as it is UB! --liviu */
245+
if (number > 214748363) {
246+
LM_ERR("integer overflow risk at pos %d in len number [%.*s]\n",
247247
(int)(p-buffer),(int)(end-buffer), buffer);
248248
return 0;
249249
}
250+
251+
number = number*10 + (*p)-'0';
250252
size ++;
251253
p++;
252254
}
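
Review bot: The new guard `if (number > 214748363)` uses a bare magic number that is only correct when `int` is 32 bits wide, and the comment above it does not say where the value comes from. Assuming `number` is an `int`, as the removed `number<0` test suggests, I would derive the bound from `<limits.h>`, for example `if (number > (INT_MAX - 9) / 10)`, which evaluates to the same 214748363 on 32-bit `int` and stays correct elsewhere. The check is also slightly conservative: the largest Content-Length it accepts is 2147483639, so the values 2147483640 through 2147483647 are rejected even though they fit. That is a safe choice, but it is worth stating in the comment so the cap is not later mistaken for an off-by-one. Moving the test ahead of `number = number*10 + (*p)-'0';` is the right order, since the multiplication now only runs on a value already known to be in range.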