From d05684a50a4396b72024ce4d31379d1d34592079 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Fri, 19 Oct 2018 11:39:22 +0200 Subject: [PATCH] Properly parse ContentType to find length. --- libfreerdp/core/gateway/http.c | 58 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 10 deletions(-) diff --git a/libfreerdp/core/gateway/http.c b/libfreerdp/core/gateway/http.c index 565c878..85248ed 100644 --- a/libfreerdp/core/gateway/http.c +++ b/libfreerdp/core/gateway/http.c @@ -691,6 +691,41 @@ BOOL http_response_print(HttpResponse* response) return TRUE; } +static BOOL http_use_content_length(const char* cur) +{ + size_t pos = 0; + + if (!cur) + return FALSE; + + if (_strnicmp(cur, "application/rpc", 15) == 0) + pos = 15; + else if (_strnicmp(cur, "text/plain", 10) == 0) + pos = 10; + else if (_strnicmp(cur, "text/html", 9) == 0) + pos = 9; + + if (pos > 0) + { + char end = cur[pos]; + + switch (end) + { + case ' ': + case ';': + case '\0': + case '\r': + case '\n': + return TRUE; + + default: + return FALSE; + } + } + + return FALSE; +} + HttpResponse* http_response_recv(rdpTls* tls) { size_t size; @@ -793,19 +828,22 @@ HttpResponse* http_response_recv(rdpTls* tls) response->BodyLength = Stream_GetPosition(response->data) - payloadOffset; bodyLength = 0; /* expected body length */ - - if (response->ContentType) { - if (_stricmp(response->ContentType, "application/rpc") != 0) - bodyLength = response->ContentLength; - else if (_stricmp(response->ContentType, "text/plain") == 0) - bodyLength = response->ContentLength; - else if (_stricmp(response->ContentType, "text/html") == 0) - bodyLength = response->ContentLength; - } - else + const char* cur = response->ContentType; bodyLength = response->BodyLength; + while (cur != NULL) + { + if (http_use_content_length(cur)) + { + bodyLength = response->ContentLength; + break; + } + + cur = strchr(cur, ';'); + } + } + if (bodyLength > RESPONSE_SIZE_LIMIT) { WLog_ERR(TAG, "Expected request body too large! (%"PRIdz" bytes) Aborting!", bodyLength); -- 2.7.4