diff --git a/http_parser.rl b/http_parser.rl index cb4c7f3..c7622ea 100644 --- a/http_parser.rl +++ b/http_parser.rl @@ -23,6 +23,7 @@ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #include "http_parser.h" +#include #ifndef NDEBUG # include #endif @@ -198,6 +199,10 @@ do { \ } action content_length { + if (parser->content_length > INT_MAX) { + parser->buffer_overflow = TRUE; + return 0; + } parser->content_length *= 10; parser->content_length += *p - '0'; } @@ -308,7 +313,7 @@ do { \ | "UNLOCK" %{ parser->method = HTTP_UNLOCK; } ); # Not allowing extension methods - HTTP_Version = "HTTP/" digit+ $version_major "." digit+ $version_minor; + HTTP_Version = "HTTP/" digit $version_major "." digit $version_minor; scheme = ( alpha | digit | "+" | "-" | "." )* ; absolute_uri = (scheme ":" (uchar | reserved )*);
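Review bot: In the `content_length` action the new guard tests the value before it is multiplied, so any accumulated value between INT_MAX/10 and INT_MAX passes the check and the following `*= 10` still takes it past the limit. The field's type is declared outside this diff: if it is an `int`, the comparison can never be true and the multiply is signed overflow; if it is wider, the stored length can end up roughly ten times INT_MAX. Testing the headroom for the next digit covers both cases: `if (parser->content_length > (INT_MAX - (*p - '0')) / 10) {`. The action also returns 0 from the middle of the generated machine, so a short comment saying what the caller sees when `buffer_overflow` is set would help, as the enclosing function is not in the hunk.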
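Review bot: The `HTTP_Version` rule now accepts exactly one digit on each side of the dot, but nothing in the grammar records why, so a later reader could restore `digit+` as a compatibility fix. Presumably the intent is to bound what `version_major` and `version_minor` accumulate; those actions are outside the hunk, so that is an inference. A comment on the line above the rule would pin it down, for example `# One digit each so version_major/version_minor stay bounded; "HTTP/1.10" is rejected on purpose`.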