From a423c260c7e53fe18f112a29059e5abe85969e9f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@libreserver.org>
Date: Thu, 8 Sep 2022 12:17:50 +0100
Subject: [PATCH] Check length of content-length with caldav

---
 daemon.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/daemon.py b/daemon.py
index f38483f42..25998e477 100644
--- a/daemon.py
+++ b/daemon.py
@@ -18437,6 +18437,14 @@ class PubServer(BaseHTTPRequestHandler):
             print(endpoint_type.upper() + ' has no content-length')
             self._400()
             return
+
+        # check that the content length string is not too long
+        if isinstance(self.headers['Content-length'], str):
+            max_content_size = len(str(self.server.maxMessageLength))
+            if len(self.headers['Content-length']) > max_content_size:
+                self._400()
+                return
+
         length = int(self.headers['Content-length'])
         if length > self.server.max_post_length:
             print(endpoint_type.upper() +