MCPcopy Index your code
hub / github.com/MapServer/MapServer / readPostBody

Function readPostBody

cgiutil.c:44–117  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

42#define CR 13
43
44static char *readPostBody( cgiRequestObj *request )
45{
46 char *data;
47 size_t data_max, data_len;
48 int chunk_size;
49
50 msIO_needBinaryStdin();
51
52 /* -------------------------------------------------------------------- */
53 /* If the length is provided, read in one gulp. */
54 /* -------------------------------------------------------------------- */
55 if( getenv("CONTENT_LENGTH") != NULL ) {
56 data_max = (size_t) atoi(getenv("CONTENT_LENGTH"));
57 /* Test for suspicious CONTENT_LENGTH (negative value or SIZE_MAX) */
58 if( data_max >= SIZE_MAX ) {
59 msIO_printf("Content-type: text/html%c%c",10,10);
60 msIO_printf("Suspicious Content-Length.\n");
61 exit( 1 );
62 }
63 data = (char *) malloc(data_max+1);
64 if( data == NULL ) {
65 msIO_printf("Content-type: text/html%c%c",10,10);
66 msIO_printf("malloc() failed, Content-Length: %u unreasonably large?\n", data_max );
67 exit( 1 );
68 }
69
70 if( (int) msIO_fread(data, 1, data_max, stdin) < data_max ) {
71 msIO_printf("Content-type: text/html%c%c",10,10);
72 msIO_printf("POST body is short\n");
73 exit(1);
74 }
75
76 data[data_max] = '\0';
77 return data;
78 }
79 /* -------------------------------------------------------------------- */
80 /* Otherwise read in chunks to the end. */
81 /* -------------------------------------------------------------------- */
82#define DATA_ALLOC_SIZE 10000
83
84 data_max = DATA_ALLOC_SIZE;
85 data_len = 0;
86 data = (char *) malloc(data_max+1);
87 if (data == NULL) {
88 msIO_printf("Content-type: text/html%c%c",10,10);
89 msIO_printf("Out of memory allocating %u bytes.\n", data_max+1);
90 exit(1);
91 }
92
93 while( (chunk_size = msIO_fread( data + data_len, 1, data_max-data_len, stdin )) > 0 ) {
94 data_len += chunk_size;
95
96 if( data_len == data_max ) {
97 /* Realloc buffer, making sure we check for possible size_t overflow */
98 if ( data_max > SIZE_MAX - (DATA_ALLOC_SIZE+1) ) {
99 msIO_printf("Content-type: text/html%c%c",10,10);
100 msIO_printf("Possible size_t overflow, cannot reallocate input buffer, POST body too large?\n" );
101 exit(1);

Callers 1

loadParamsFunction · 0.85

Calls 3

msIO_needBinaryStdinFunction · 0.85
msIO_printfFunction · 0.85
msIO_freadFunction · 0.85

Tested by

no test coverage detected