FIX: HTTP protocol - limit input data according Content-Length

Oldes · Oldes · commit 242cebaf41b1 · 2020-02-26T23:19:34.000+01:00
fixes: Oldes/Rebol-issues#2386
diff --git a/src/mezz/prot-http.r b/src/mezz/prot-http.r
@@ -11,7 +11,7 @@ REBOL [
 	}
 	Name: 'http
 	Type: 'module
-	Version: 0.3.3
+	Version: 0.3.4
 	Date: 25-Feb-2020
 	File: %prot-http.r
 	Purpose: {
@@ -32,6 +32,7 @@ REBOL [
 		0.3.1 13-Feb-2020 "Oldes" "FEAT: Possible auto conversion to text if found charset specification in content-type"
 		0.3.2 25-Feb-2020 "Oldes" "FIX: Properly handling chunked data"
 		0.3.3 25-Feb-2020 "Oldes" "FEAT: support for read/binary and write/binary to force raw data result"
+		0.3.4 26-Feb-2020 "Oldes" "FIX: limit input data according Content-Length (#issues/2386)"
 	]
 ]
 
@@ -617,10 +618,10 @@ check-data: func [port /local headers res data available out chunk-size pos trai
 			]
 		]
 		integer? headers/content-length [
-			port/data: conn/data
-			either headers/content-length <= length? port/data [
+			either headers/content-length <= length? conn/data [
 				state/state: 'ready
-				conn/data: make binary! 32000 ;@@ Oldes: why not just none?
+				port/data: copy/part conn/data headers/content-length
+				conn/data: none
 				res: state/awake make event! [type: 'custom port: port code: 0]
 			][
 				;Awake from the WAIT loop to prevent timeout when reading big data. --Richard
diff --git a/src/tests/test-httpd.r3 b/src/tests/test-httpd.r3
@@ -38,6 +38,12 @@ my-actor: object [
 				ctx/out/header/Location: %/form/
 				; request processing will stop with redirection response
 			]
+			%plain/ [
+				ctx/out/status: 200
+				ctx/out/header/Content-Type: "text/plain; charset=UTF-8"
+				ctx/out/content: "hello"
+				; request processing will stop with response 200 serving the plain text content
+			]
 		]
 	]
 	On-Post-Received: func [ctx [object!]][

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ REBOL [`
`11`	`11`	`}`
`12`	`12`	`Name: 'http`
`13`	`13`	`Type: 'module`
`14`		`- Version: 0.3.3`
	`14`	`+ Version: 0.3.4`
`15`	`15`	`Date: 25-Feb-2020`
`16`	`16`	`File: %prot-http.r`
`17`	`17`	`Purpose: {`
`@@ -32,6 +32,7 @@ REBOL [`
`32`	`32`	`0.3.1 13-Feb-2020 "Oldes" "FEAT: Possible auto conversion to text if found charset specification in content-type"`
`33`	`33`	`0.3.2 25-Feb-2020 "Oldes" "FIX: Properly handling chunked data"`
`34`	`34`	`0.3.3 25-Feb-2020 "Oldes" "FEAT: support for read/binary and write/binary to force raw data result"`
	`35`	`+ 0.3.4 26-Feb-2020 "Oldes" "FIX: limit input data according Content-Length (#issues/2386)"`
`35`	`36`	`]`
`36`	`37`	`]`
`37`	`38`
`@@ -617,10 +618,10 @@ check-data: func [port /local headers res data available out chunk-size pos trai`
`617`	`618`	`]`
`618`	`619`	`]`
`619`	`620`	`integer? headers/content-length [`
`620`		`- port/data: conn/data`
`621`		`- either headers/content-length <= length? port/data [`
	`621`	`+ either headers/content-length <= length? conn/data [`
`622`	`622`	`state/state: 'ready`
`623`		`- conn/data: make binary! 32000 ;@@ Oldes: why not just none?`
	`623`	`+ port/data: copy/part conn/data headers/content-length`
	`624`	`+ conn/data: none`
`624`	`625`	`res: state/awake make event! [type: 'custom port: port code: 0]`
`625`	`626`	`][`
`626`	`627`	`;Awake from the WAIT loop to prevent timeout when reading big data. --Richard`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,12 @@ my-actor: object [`
`38`	`38`	`ctx/out/header/Location: %/form/`
`39`	`39`	`; request processing will stop with redirection response`
`40`	`40`	`]`
	`41`	`+ %plain/ [`
	`42`	`+ ctx/out/status: 200`
	`43`	`+ ctx/out/header/Content-Type: "text/plain; charset=UTF-8"`
	`44`	`+ ctx/out/content: "hello"`
	`45`	`+ ; request processing will stop with response 200 serving the plain text content`
	`46`	`+ ]`
`41`	`47`	`]`
`42`	`48`	`]`
`43`	`49`	`On-Post-Received: func [ctx [object!]][`