From 5cd4430a8db82727b6690776302a50a8b80b610d Mon Sep 17 00:00:00 2001
From: Felix Lange <fjl@twurst.com>
Date: Thu, 10 Nov 2016 21:14:17 +0100
Subject: [PATCH] swarm/api/http: reject requests without content-length

---
 swarm/api/http/server.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/swarm/api/http/server.go b/swarm/api/http/server.go
index a35672687..9be60ef94 100644
--- a/swarm/api/http/server.go
+++ b/swarm/api/http/server.go
@@ -115,7 +115,11 @@ func handler(w http.ResponseWriter, r *http.Request, a *api.Api) {
 
 	switch {
 	case r.Method == "POST" || r.Method == "PUT":
-		key, err := a.Store(r.Body, r.ContentLength, nil)
+		if r.Header.Get("content-length") == "" {
+			http.Error(w, "Missing Content-Length header in request.", http.StatusBadRequest)
+			return
+		}
+		key, err := a.Store(io.LimitReader(r.Body, r.ContentLength), r.ContentLength, nil)
 		if err == nil {
 			glog.V(logger.Debug).Infof("Content for %v stored", key.Log())
 		} else {
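Review bot: The new guard at `r.Header.Get("content-length") == ""` makes the length mandatory but still lets the client choose it, so `io.LimitReader(r.Body, r.ContentLength)` bounds the read only by what the request declares, and nothing in this hunk enforces a server-side maximum. Consider rejecting oversized uploads before calling `a.Store`, e.g. `if r.ContentLength > maxUploadSize { http.Error(w, "Request body too large.", http.StatusRequestEntityTooLarge); return }`, where `maxUploadSize` is a placeholder for a limit the project would define. The check could also test the parsed value, `if r.ContentLength < 0 {`, and answer with `http.StatusLengthRequired` (411), which describes the condition more precisely than 400. The hunk adds a use of `io` without touching the import block, so it presumably relies on `io` already being imported in server.go; the body of `handler` starts and ends outside the hunk.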
-- 
GitLab