Avoid chunk header parsing overflow.

Recharacterize the chunk header states such that they are bound by the check
for HTTP_MAX_HEADER_SIZE.
v0.6
Sean Cunningham 14 years ago committed by Ryan Dahl
parent 81ca70aec1
commit 10270007bc

@ -240,15 +240,17 @@ enum state
, s_header_almost_done , s_header_almost_done
, s_chunk_size_start
, s_chunk_size
, s_chunk_parameters
, s_chunk_size_almost_done
, s_headers_almost_done , s_headers_almost_done
/* Important: 's_headers_almost_done' must be the last 'header' state. All /* Important: 's_headers_almost_done' must be the last 'header' state. All
* states beyond this must be 'body' states. It is used for overflow * states beyond this must be 'body' states. It is used for overflow
* checking. See the PARSING_HEADER() macro. * checking. See the PARSING_HEADER() macro.
*/ */
, s_chunk_size_start
, s_chunk_size
, s_chunk_size_almost_done
, s_chunk_parameters
, s_chunk_data , s_chunk_data
, s_chunk_data_almost_done , s_chunk_data_almost_done
, s_chunk_data_done , s_chunk_data_done
@ -1458,6 +1460,7 @@ size_t http_parser_execute (http_parser *parser,
case s_chunk_size_start: case s_chunk_size_start:
{ {
assert(nread == 1);
assert(parser->flags & F_CHUNKED); assert(parser->flags & F_CHUNKED);
c = unhex[(unsigned char)ch]; c = unhex[(unsigned char)ch];
@ -1507,6 +1510,8 @@ size_t http_parser_execute (http_parser *parser,
assert(parser->flags & F_CHUNKED); assert(parser->flags & F_CHUNKED);
STRICT_CHECK(ch != LF); STRICT_CHECK(ch != LF);
nread = 0;
if (parser->content_length == 0) { if (parser->content_length == 0) {
parser->flags |= F_TRAILING; parser->flags |= F_TRAILING;
state = s_header_field_start; state = s_header_field_start;
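Review bot: In the `enum state` hunk, the four chunk-size states are moved above `s_headers_almost_done`, but nothing next to them says they are counted as header states on purpose, so a later reorder could silently take chunk-size lines and chunk parameters back out of the HTTP_MAX_HEADER_SIZE check. I would add a comment above `s_chunk_size_start`, for example `/* chunk-size states are 'header' states so PARSING_HEADER() bounds them by HTTP_MAX_HEADER_SIZE */`. The added `assert(nread == 1)` in `s_chunk_size_start` is compiled out when NDEBUG is defined, so in release builds the enum order and the `nread = 0` reset in the last hunk are what actually enforce the limit. The enum and `http_parser_execute` both continue outside the visible hunks, so the PARSING_HEADER() definition and the other places `nread` is reset could not be checked here.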
