From c6838374d0e323b78877ae546e1471c400e4652d Mon Sep 17 00:00:00 2001
From: Tom Most <twm@freecog.net>
Date: Mon, 7 Mar 2022 00:32:14 -0800
Subject: [PATCH] Reject non-digit Content-Length

Upstream-Status: Backport [https://github.com/twisted/twisted/commit/8ebfa8f6577431226e109ff98ba48f5152a2c416]
CVE: CVE-2022-24801
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 src/twisted/web/http.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
index 262da0b..5316d81 100644
--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
@@ -2274,6 +2274,8 @@ class HTTPChannel(basic.LineReceiver, policies.TimeoutMixin):
 
         # Can this header determine the length?
         if header == b"content-length":
+            if not data.isdigit():
+                return fail()
             try:
                 length = int(data)
             except ValueError: