Fix #2014

2025-05-14 16:58:30 +00:00 · 2025-01-16 22:36:07 -05:00 · 2025-01-16 22:36:07 -05:00 · ba6845925d
commit ba6845925d
parent 343a0fc073
2 changed files with 67 additions and 11 deletions
--- a/httplib.h
+++ b/httplib.h
@ -2012,18 +2012,34 @@ inline void duration_to_sec_and_usec(const T &duration, U callback) {
  callback(static_cast<time_t>(sec), static_cast<time_t>(usec));
 }

+inline bool is_numeric(const std::string &str) {
+  return !str.empty() && std::all_of(str.begin(), str.end(), ::isdigit);
+}
+
 inline uint64_t get_header_value_u64(const Headers &headers,
                                     const std::string &key, uint64_t def,
-                                     size_t id) {
+                                     size_t id, bool &is_invalid_value) {
+  is_invalid_value = false;
  auto rng = headers.equal_range(key);
  auto it = rng.first;
  std::advance(it, static_cast<ssize_t>(id));
  if (it != rng.second) {
-    return std::strtoull(it->second.data(), nullptr, 10);
+    if (is_numeric(it->second)) {
+      return std::strtoull(it->second.data(), nullptr, 10);
+    } else {
+      is_invalid_value = true;
+    }
  }
  return def;
 }

+inline uint64_t get_header_value_u64(const Headers &headers,
+                                     const std::string &key, uint64_t def,
+                                     size_t id) {
+  bool dummy = false;
+  return get_header_value_u64(headers, key, def, id, dummy);
+}
+
 } // namespace detail

 inline uint64_t Request::get_header_value_u64(const std::string &key,
@ -4433,8 +4449,14 @@ bool read_content(Stream &strm, T &x, size_t payload_max_length, int &status,
        } else if (!has_header(x.headers, "Content-Length")) {
          ret = read_content_without_length(strm, out);
        } else {
-          auto len = get_header_value_u64(x.headers, "Content-Length", 0, 0);
-          if (len > payload_max_length) {
+          auto is_invalid_value = false;
+          auto len = get_header_value_u64(x.headers, "Content-Length",
+                                          std::numeric_limits<uint64_t>::max(),
+                                          0, is_invalid_value);
+
+          if (is_invalid_value) {
+            ret = false;
+          } else if (len > payload_max_length) {
            exceed_payload_max_length = true;
            skip_content_with_length(strm, len);
            ret = false;