only increment nread while looking at headers

This fixes a possible issue where a very large body (one that involves > 80*1024 calls to http_parser_execute) will cause the next request with that parser to return an error because it believes that this is an overflow condition.
15 years ago · 2d16d50425
parent b413961182
commit 2d16d50425
1 changed files with 3 additions and 2 deletions
--- a/http_parser.c
+++ b/http_parser.c
@ -327,9 +327,10 @@ size_t http_parser_execute (http_parser *parser,
  for (p=data, pe=data+len; p != pe; p++) {
    ch = *p;

-    if (++nread > HTTP_MAX_HEADER_SIZE && PARSING_HEADER(state)) {
+    if (PARSING_HEADER(state)) {
+      ++nread;
      /* Buffer overflow attack */
-      goto error;
+      if (nread > HTTP_MAX_HEADER_SIZE) goto error;
    }

    switch (state) {