From 9367b74a3dca3c0d9fca7382030b5b80ba7073ea Mon Sep 17 00:00:00 2001
From: Ryan
Date: Tue, 9 Jun 2009 16:44:45 +0200
Subject: [PATCH] Check for integer overflow in content-length. Also only allow single digits in the HTTP version. Need multiple digits? Convince me.
---
 http_parser.rl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/http_parser.rl b/http_parser.rl
index cb4c7f3..c7622ea 100644
--- a/http_parser.rl
+++ b/http_parser.rl
@@ -23,6 +23,7 @@
 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */
 #include "http_parser.h"
+#include
 #ifndef NDEBUG
 # include
 #endif
@@ -198,6 +199,10 @@ do { \
 }
 action content_length {
+ if (parser->content_length > INT_MAX) {
+ parser->buffer_overflow = TRUE;
+ return 0;
+ }
 parser->content_length *= 10;
 parser->content_length += *p - '0';
 }
@@ -308,7 +313,7 @@ do { \
 | "UNLOCK" %{ parser->method = HTTP_UNLOCK; }
 ); # Not allowing extension methods
- HTTP_Version = "HTTP/" digit+ $version_major "." digit+ $version_minor;
+ HTTP_Version = "HTTP/" digit $version_major "." digit $version_minor;
 scheme = ( alpha | digit | "+" | "-" | "." )* ;
 absolute_uri = (scheme ":" (uchar | reserved )*);
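Review bot: The guard added at the top of `action content_length` tests the value accumulated so far, not the value the next two statements produce, so a count at or just below INT_MAX passes the check and is then multiplied by 10 and incremented. The type of `content_length` is declared in http_parser.h, outside this patch; if it is a 32-bit unsigned type the multiply wraps silently, and if it is a plain `int` the comparison can never be true and the signed multiply is undefined. Bounding the operand before the arithmetic holds for either type: `if (parser->content_length > (INT_MAX - (*p - '0')) / 10) {`. Any consumer that sizes a body read or an allocation from this field would otherwise receive a wrapped or larger-than-intended length, so a request with an oversized Content-Length is worth adding as a test case.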
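Review bot: The narrowed `HTTP_Version` rule carries no comment saying that multi-digit versions are rejected on purpose; the rationale exists only in the commit message. A remark beside the rule, in the style of the `# Not allowing extension methods` note just above it, would keep a later maintainer from restoring `digit+`, for example `# Single-digit major/minor only; "HTTP/1.10" is a parse error by design`. The `version_major` and `version_minor` actions are outside this hunk; if they accumulate digits the way `content_length` does, the single-digit rule is also what keeps them bounded, which is worth stating in the same comment.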