Check for integer overflow in content-length.

Also only allow single digits in the HTTP version.
Need multiple digits? Convince me.
version0.2
Ryan 16 years ago
parent b0e94e51f5
commit 9367b74a3d

@ -23,6 +23,7 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
#include "http_parser.h" #include "http_parser.h"
#include <limits.h>
#ifndef NDEBUG #ifndef NDEBUG
# include <assert.h> # include <assert.h>
#endif #endif
@ -198,6 +199,10 @@ do { \
} }
action content_length { action content_length {
if (parser->content_length > INT_MAX) {
parser->buffer_overflow = TRUE;
return 0;
}
parser->content_length *= 10; parser->content_length *= 10;
parser->content_length += *p - '0'; parser->content_length += *p - '0';
} }
@ -308,7 +313,7 @@ do { \
| "UNLOCK" %{ parser->method = HTTP_UNLOCK; } | "UNLOCK" %{ parser->method = HTTP_UNLOCK; }
); # Not allowing extension methods ); # Not allowing extension methods
HTTP_Version = "HTTP/" digit+ $version_major "." digit+ $version_minor; HTTP_Version = "HTTP/" digit $version_major "." digit $version_minor;
scheme = ( alpha | digit | "+" | "-" | "." )* ; scheme = ( alpha | digit | "+" | "-" | "." )* ;
absolute_uri = (scheme ":" (uchar | reserved )*); absolute_uri = (scheme ":" (uchar | reserved )*);
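Review bot: The new guard in `action content_length` tests the accumulator before the `*= 10` and `+=` lines, so a value that is still at or below `INT_MAX` passes the check and is then multiplied by ten. The type of `parser->content_length` is not visible in this hunk. If it is a signed `int`, the comparison can never be true and the multiply can overflow. If it is a 32-bit unsigned type, the multiply can wrap. If it is wider, the stored length can still end up roughly ten times above the intended limit. A wrapped or oversized Content-Length means the parser's idea of the body length no longer matches what was sent, so the bound should be checked against the value about to be produced: `if (parser->content_length > (INT_MAX - (*p - '0')) / 10) {`. A short comment such as `/* reject before the multiply so content_length never exceeds INT_MAX */` would record the intent.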
