if (c = http_message_header(msg, "Content-Length")) {
/* message has content-length header */
if (c = http_message_header(msg, "Content-Length")) {
- long len = atol(Z_STRVAL_P(c));
+ unsigned long len = strtoul(Z_STRVAL_P(c), NULL, 10);
+ if (len > remaining) {
+ http_error_ex(HE_NOTICE, HTTP_E_MALFORMED_HEADERS, "The Content-Length header pretends a larger body than actually received (expected %lu bytes; got %lu bytes)", len, remaining);
+ len = remaining;
+ }
phpstr_from_string_ex(PHPSTR(msg), body, len);
continue_at = body + len;
} else
/* message has content-range header */
if (c = http_message_header(msg, "Content-Range")) {
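Review bot: The added `strtoul(Z_STRVAL_P(c), NULL, 10)` passes `NULL` as the end pointer, so a Content-Length value with no digits parses silently as 0 and one with trailing junk is accepted; the new `len > remaining` clamp covers only the oversized case. With `len` at 0, `continue_at` stays at `body`, so the received body would presumably be parsed as the next message, which is the kind of framing disagreement worth rejecting or at least reporting. Consider `char *end; unsigned long len = strtoul(Z_STRVAL_P(c), &end, 10);` followed by `if (end == Z_STRVAL_P(c) || *end) { /* report HTTP_E_MALFORMED_HEADERS */ }`, allowing trailing whitespace if the parser should tolerate it. A leading `-` is also accepted by `strtoul` and wraps to a huge value; the clamp catches it, but the notice then prints a misleading expected size. The declaration of `remaining` is outside the hunk, so confirm it is an `unsigned long` to match the `%lu` specifiers; the enclosing function starts and ends outside the hunk.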
phpstr_from_string_ex(PHPSTR(msg), body, len);
continue_at = body + len;
} else
/* message has content-range header */
if (c = http_message_header(msg, "Content-Range")) {
- ulong total = 0, start = 0, end = 0;
+ ulong total = 0, start = 0, end = 0, len = 0;
if (!strncasecmp(Z_STRVAL_P(c), "bytes=", lenof("bytes="))) {
char *total_at = NULL, *end_at = NULL;
if (!strncasecmp(Z_STRVAL_P(c), "bytes=", lenof("bytes="))) {
+ http_error_ex(HE_NOTICE, HTTP_E_MALFORMED_HEADERS, "The Content-Range header pretends a larger body than actually received (expected %lu bytes; got %lu bytes)", len, remaining);