Protect from DoS with negative Content-Length

mongoose.c

@@ -3858,7 +3858,8 @@ static void discard_current_request_from_buffer(struct mg_connection *conn) {
   buffered_len = conn->data_len - conn->request_len;
   assert(buffered_len >= 0);
 
-  if (conn->content_len == -1) {
+  if (conn->content_len <= 0) {
+    // Protect from negative Content-Length, too
     body_len = 0;
   } else if (conn->content_len < (int64_t) buffered_len) {
     body_len = (int) conn->content_len;

test/test.pl

@@ -181,6 +181,8 @@ spawn($cmd);
 req('POST ' . '/..' x 100 . 'ABCD' x 3000 . "\n\n", 0); # don't log this one
 
 o("GET /hello.txt HTTP/1.0\n\n", 'HTTP/1.1 200 OK', 'GET regular file');
+o("GET /hello.txt HTTP/1.0\nContent-Length: -2147483648\n\n",
+  'HTTP/1.1 200 OK', 'Negative content length');
 o("GET /hello.txt HTTP/1.0\n\n", 'Content-Length: 17\s',
   'GET regular file Content-Length');
 o("GET /%68%65%6c%6c%6f%2e%74%78%74 HTTP/1.0\n\n",