boostorg/beast
1
0
Fork 1
mirror of https://github.com/boostorg/beast.git synced 2025-08-01 13:54:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Handle overflow in max size calculation in basic_dynamic_body

Browse Source 
fix #1581

Signed-off-by: Damian Jarek <damian.jarek93@gmail.com>
This commit is contained in:
Damian Jarek
2019-07-06 18:40:31 +02:00
parent 881405a816
commit 63ef7f65bc
3 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@@ -1,3 +1,9 @@
Version 264:
* Handle overflow in max size calculation in `basic_dynamic_body`
--------------------------------------------------------------------------------
Version 263: Version 263:
* Update documentation * Update documentation

3
include/boost/beast/http/basic_dynamic_body.hpp
View File

@@ -13,6 +13,7 @@
#include <boost/beast/core/detail/config.hpp> #include <boost/beast/core/detail/config.hpp>
#include <boost/beast/core/buffer_traits.hpp> #include <boost/beast/core/buffer_traits.hpp>
#include <boost/beast/core/detail/buffer.hpp> #include <boost/beast/core/detail/buffer.hpp>
#include <boost/beast/core/detail/clamp.hpp>
#include <boost/beast/http/error.hpp> #include <boost/beast/http/error.hpp>
#include <boost/beast/http/message.hpp> #include <boost/beast/http/message.hpp>
#include <boost/optional.hpp> #include <boost/optional.hpp>
@@ -89,7 +90,7 @@ struct basic_dynamic_body
error_code& ec) error_code& ec)
{ {
auto const n = buffer_bytes(buffers); auto const n = buffer_bytes(buffers);
if(body_.size() > body_.max_size() - n) if(beast::detail::sum_exceeds(body_.size(), n, body_.max_size()))
{ {
ec = error::buffer_overflow; ec = error::buffer_overflow;
return 0; return 0;

30
test/beast/http/dynamic_body.cpp
View File

@@ -39,7 +39,7 @@ public:
} }
void void
run() override test_success()
{ {
std::string const s = std::string const s =
"HTTP/1.1 200 OK\r\n" "HTTP/1.1 200 OK\r\n"
@@ -55,6 +55,34 @@ public:
BEAST_EXPECT(buffers_to_string(m.body().data()) == "xyz"); BEAST_EXPECT(buffers_to_string(m.body().data()) == "xyz");
BEAST_EXPECT(to_string(m) == s); BEAST_EXPECT(to_string(m) == s);
} }
void
test_issue1581()
{
std::string const s =
"HTTP/1.1 200 OK\r\n"
"Server: test\r\n"
"Content-Length: 132\r\n"
"\r\n"
"xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz"
"xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz"
"xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz"
"xyzxyzxyzxyzxyzxyzxyzxyzxyzxyzxyz";
test::stream ts(ioc_, s);
response_parser<dynamic_body> p;
multi_buffer b;
p.get().body().max_size(64);
error_code ec;
read(ts, b, p, ec);
BEAST_EXPECT(ec == http::error::buffer_overflow);
}
void
run() override
{
test_success();
test_issue1581();
}
}; };
BEAST_DEFINE_TESTSUITE(beast,http,dynamic_body); BEAST_DEFINE_TESTSUITE(beast,http,dynamic_body);