From 5a7be627970d49de6cfdb1270ce0bae2a1459e4e Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Thu, 20 Oct 2016 17:13:26 +0200
Subject: Sanitize length headers when validating quota (#26421)

---
 lib/private/connector/sabre/quotaplugin.php |  5 +++--
 tests/lib/connector/sabre/quotaplugin.php   | 20 +++++++++++++-------
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/lib/private/connector/sabre/quotaplugin.php b/lib/private/connector/sabre/quotaplugin.php
index 59d0e188f66..46535da4f7e 100644
--- a/lib/private/connector/sabre/quotaplugin.php
+++ b/lib/private/connector/sabre/quotaplugin.php
@@ -85,12 +85,13 @@ class OC_Connector_Sabre_QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 	public function getLength() {
 		$req = $this->server->httpRequest;
 		$length = $req->getHeader('X-Expected-Entity-Length');
-		if (!$length) {
+		if (!is_numeric($length)) {
 			$length = $req->getHeader('Content-Length');
+			$length = is_numeric($length) ? $length : null;
 		}
 
 		$ocLength = $req->getHeader('OC-Total-Length');
-		if ($length && $ocLength) {
+		if (is_numeric($length) && is_numeric($ocLength)) {
 			return max($length, $ocLength);
 		}
 
diff --git a/tests/lib/connector/sabre/quotaplugin.php b/tests/lib/connector/sabre/quotaplugin.php
index f08637854ce..002cc280649 100644
--- a/tests/lib/connector/sabre/quotaplugin.php
+++ b/tests/lib/connector/sabre/quotaplugin.php
@@ -80,13 +80,19 @@ class Test_OC_Connector_Sabre_QuotaPlugin extends \Test\TestCase {
 	}
 
 	public function lengthProvider() {
-		return array(
-			array(null, array()),
-			array(1024, array('HTTP_X_EXPECTED_ENTITY_LENGTH' => '1024')),
-			array(512, array('HTTP_CONTENT_LENGTH' => '512')),
-			array(2048, array('HTTP_OC_TOTAL_LENGTH' => '2048', 'HTTP_CONTENT_LENGTH' => '1024')),
-			array(4096, array('HTTP_OC_TOTAL_LENGTH' => '2048', 'HTTP_X_EXPECTED_ENTITY_LENGTH' => '4096')),
-		);
+		return [
+			[null, []],
+			[1024, ['HTTP_X_EXPECTED_ENTITY_LENGTH' => '1024']],
+			[512, ['HTTP_CONTENT_LENGTH' => '512']],
+			[2048, ['HTTP_OC_TOTAL_LENGTH' => '2048', 'HTTP_CONTENT_LENGTH' => '1024']],
+			[4096, ['HTTP_OC_TOTAL_LENGTH' => '2048', 'HTTP_X_EXPECTED_ENTITY_LENGTH' => '4096']],
+			[null, ['HTTP_X_EXPECTED_ENTITY_LENGTH' => 'A']],
+			[null, ['HTTP_CONTENT_LENGTH' => 'A']],
+			[1024, ['HTTP_OC_TOTAL_LENGTH' => 'A', 'HTTP_CONTENT_LENGTH' => '1024']],
+			[1024, ['HTTP_OC_TOTAL_LENGTH' => 'A', 'HTTP_X_EXPECTED_ENTITY_LENGTH' => '1024']],
+			[null, ['HTTP_OC_TOTAL_LENGTH' => '2048', 'HTTP_X_EXPECTED_ENTITY_LENGTH' => 'A']],
+			[null, ['HTTP_OC_TOTAL_LENGTH' => '2048', 'HTTP_CONTENT_LENGTH' => 'A']],
+		];
 	}
 
 	private function buildFileViewMock($quota) {
-- 
cgit v1.2.3