From b1e1dd967a4f929a239f8d26829304c03d43dcf9 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Tue, 12 May 2015 17:41:26 +0200
Subject: inets: reject negative content-length

---
 lib/inets/src/http_server/httpd_request.erl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib/inets/src')

diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 6985065c3e..3ff07616f9 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -417,8 +417,12 @@ check_header({"content-length", Value}, Maxsizes) ->
     case length(Value) =< MaxLen of
 	true ->
 	    try 
-		_ = list_to_integer(Value),
-		ok
+		list_to_integer(Value)
+	    of
+		I when I>= 0 ->
+		    ok;
+		_ ->
+		    {error, {size_error, Max, 411, "negative content-length"}}
 	    catch _:_ ->
 		    {error, {size_error, Max, 411, "content-length not an integer"}}
 	    end;
-- 
cgit v1.2.3