LibHTTP: Trim received data to Content-Length

Apparently servers will feel free to pad their response if they send one that contains a content-length field. We should not assume that the entirety of the response is valid data.
Author: https://github.com/alimpfard Commit: a63e8c4a03 Pull-request: https://github.com/SerenityOS/serenity/pull/2067
2025-06-28 05:01:54 +00:00 · 2020-05-02 22:48:40 +04:30 · 2020-05-02 22:48:40 +04:30 · a63e8c4a03 · 2024-07-19 07:02:31 +09:00
commit a63e8c4a03
parent ce0bed0482
2 changed files with 9 additions and 3 deletions
--- a/Libraries/LibHTTP/HttpJob.cpp
+++ b/Libraries/LibHTTP/HttpJob.cpp
@ -158,8 +158,11 @@ void HttpJob::on_socket_connected()
        auto content_length_header = m_headers.get("Content-Length");
        if (content_length_header.has_value()) {
            bool ok;
-            if (m_received_size >= content_length_header.value().to_uint(ok) && ok)
-                return finish_up();
+            auto content_length = content_length_header.value().to_uint(ok);
+            if (ok && m_received_size >= content_length) {
+                m_received_size = content_length;
+                finish_up();
+            }
        }
    };
 }