| 42 | #define CR 13 |
| 43 | |
| 44 | static char *readPostBody( cgiRequestObj *request ) |
| 45 | { |
| 46 | char *data; |
| 47 | size_t data_max, data_len; |
| 48 | int chunk_size; |
| 49 | |
| 50 | msIO_needBinaryStdin(); |
| 51 | |
| 52 | /* -------------------------------------------------------------------- */ |
| 53 | /* If the length is provided, read in one gulp. */ |
| 54 | /* -------------------------------------------------------------------- */ |
| 55 | if( getenv("CONTENT_LENGTH") != NULL ) { |
| 56 | data_max = (size_t) atoi(getenv("CONTENT_LENGTH")); |
| 57 | /* Test for suspicious CONTENT_LENGTH (negative value or SIZE_MAX) */ |
| 58 | if( data_max >= SIZE_MAX ) { |
| 59 | msIO_printf("Content-type: text/html%c%c",10,10); |
| 60 | msIO_printf("Suspicious Content-Length.\n"); |
| 61 | exit( 1 ); |
| 62 | } |
| 63 | data = (char *) malloc(data_max+1); |
| 64 | if( data == NULL ) { |
| 65 | msIO_printf("Content-type: text/html%c%c",10,10); |
| 66 | msIO_printf("malloc() failed, Content-Length: %u unreasonably large?\n", data_max ); |
| 67 | exit( 1 ); |
| 68 | } |
| 69 | |
| 70 | if( (int) msIO_fread(data, 1, data_max, stdin) < data_max ) { |
| 71 | msIO_printf("Content-type: text/html%c%c",10,10); |
| 72 | msIO_printf("POST body is short\n"); |
| 73 | exit(1); |
| 74 | } |
| 75 | |
| 76 | data[data_max] = '\0'; |
| 77 | return data; |
| 78 | } |
| 79 | /* -------------------------------------------------------------------- */ |
| 80 | /* Otherwise read in chunks to the end. */ |
| 81 | /* -------------------------------------------------------------------- */ |
| 82 | #define DATA_ALLOC_SIZE 10000 |
| 83 | |
| 84 | data_max = DATA_ALLOC_SIZE; |
| 85 | data_len = 0; |
| 86 | data = (char *) malloc(data_max+1); |
| 87 | if (data == NULL) { |
| 88 | msIO_printf("Content-type: text/html%c%c",10,10); |
| 89 | msIO_printf("Out of memory allocating %u bytes.\n", data_max+1); |
| 90 | exit(1); |
| 91 | } |
| 92 | |
| 93 | while( (chunk_size = msIO_fread( data + data_len, 1, data_max-data_len, stdin )) > 0 ) { |
| 94 | data_len += chunk_size; |
| 95 | |
| 96 | if( data_len == data_max ) { |
| 97 | /* Realloc buffer, making sure we check for possible size_t overflow */ |
| 98 | if ( data_max > SIZE_MAX - (DATA_ALLOC_SIZE+1) ) { |
| 99 | msIO_printf("Content-type: text/html%c%c",10,10); |
| 100 | msIO_printf("Possible size_t overflow, cannot reallocate input buffer, POST body too large?\n" ); |
| 101 | exit(1); |
no test coverage detected