From 2d16d504258264ad196f0d4152e5692df3632d94 Mon Sep 17 00:00:00 2001
From: Cliff Frey
Date: Thu, 10 Jun 2010 20:28:11 -0700
Subject: [PATCH] only increment nread while looking at headers
This fixes a possible issue where a very large body (one that involves > 80*1024 calls to http_parser_execute) will cause the next request with that parser to return an error because it believes that this is an overflow condition.
---
 http_parser.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/http_parser.c b/http_parser.c
index 7556d92..00e7a76 100644
--- a/http_parser.c
+++ b/http_parser.c
@@ -327,9 +327,10 @@ size_t http_parser_execute (http_parser *parser,
 for (p=data, pe=data+len; p != pe; p++) {
 ch = *p;
- if (++nread > HTTP_MAX_HEADER_SIZE && PARSING_HEADER(state)) {
+ if (PARSING_HEADER(state)) {
+ ++nread;
 /* Buffer overflow attack */
- goto error;
+ if (nread > HTTP_MAX_HEADER_SIZE) goto error;
 }
 switch (state) {
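Review bot: Whether `nread` is reset at the start of each message is not visible in this hunk, and with the new `if (PARSING_HEADER(state))` guard the counter now means "header bytes since the last reset". If it persists in the parser across requests, as the commit message suggests, header bytes from successive requests on one connection would still add up toward `HTTP_MAX_HEADER_SIZE`, and a later legitimate request could be rejected; it is worth confirming the reset and stating it in a comment. The `/* Buffer overflow attack */` comment is now stranded between the increment and the check; I would move it directly above the test and say what is enforced, e.g. `/* Header size limit: reject oversized header blocks */` followed by `if (nread > HTTP_MAX_HEADER_SIZE) goto error;`. The definition of `PARSING_HEADER` and the rest of `http_parser_execute` lie outside the hunk, so which states count toward the limit should be checked there.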