From a7c2e8626bf6b5ddc0c891a88cb77ff9b979f006 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Tue, 1 May 2018 18:05:41 +0200 Subject: [PATCH] Fix http_parser.nread off-by-one accounting error. Fixes: https://github.com/nodejs/http-parser/issues/426 PR-URL: https://github.com/nodejs/http-parser/pull/427 Reviewed-By: Fedor Indutny --- http_parser.c | 9 +++++---- test.c | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/http_parser.c b/http_parser.c index f9991c3..908b8f1 100644 --- a/http_parser.c +++ b/http_parser.c @@ -1339,13 +1339,14 @@ reexecute: } } - COUNT_HEADER_SIZE(p - start); - if (p == data + len) { --p; + COUNT_HEADER_SIZE(p - start); break; } + COUNT_HEADER_SIZE(p - start); + if (ch == ':') { UPDATE_STATE(s_header_value_discard_ws); CALLBACK_DATA(header_field); @@ -1634,10 +1635,10 @@ reexecute: } parser->header_state = h_state; - COUNT_HEADER_SIZE(p - start); - if (p == data + len) --p; + + COUNT_HEADER_SIZE(p - start); break; } diff --git a/test.c b/test.c index dc8b36c..5b97fec 100644 --- a/test.c +++ b/test.c @@ -3388,8 +3388,17 @@ test_message (const struct message *message) size_t msg2len = raw_len - msg1len; if (msg1len) { + assert(num_messages == 0); + messages[0].headers_complete_cb_called = FALSE; + read = parse(msg1, msg1len); + if (!messages[0].headers_complete_cb_called && parser.nread != read) { + assert(parser.nread == read); + print_error(msg1, read); + abort(); + } + if (message->upgrade && parser.upgrade && num_messages > 0) { messages[num_messages - 1].upgrade = msg1 + read; goto test; 
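Review bot: Neither relocated `COUNT_HEADER_SIZE(p - start);` call has a comment saying why it must come after the `--p` rewind, so the ordering this patch fixes is easy to undo in a later cleanup. This applies to both calls in the `@@ -1339` hunk and to the single call after `if (p == data + len) --p;` in the `@@ -1634` hunk. `parser->nread` is presumably the value the header-size limit (HTTP_MAX_HEADER_SIZE) is checked against inside the macro, whose body is not shown here, so a miscount at a buffer boundary would shift where that limit triggers. I would add above each call something like `/* Must follow the --p rewind: nread has to equal the bytes consumed when the buffer ends mid-header. */`. Both enclosing state handlers start and end outside the hunks.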
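Review bot: In the block added to test_message, `assert(parser.nread == read);` is the first statement inside `if (!messages[0].headers_complete_cb_called && parser.nread != read)`, so it always fails there. The `print_error(msg1, read);` and `abort();` after it are unreachable unless the build defines NDEBUG, and a failing run reports only the assert expression without the parser diagnostic. Dropping the assert leaves `print_error(msg1, read); abort();`, which also matches the shape of the same check added to test_scan in the `@@ -3898` hunk. test_message continues outside the hunk.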
@@ -3898,8 +3907,16 @@ test_scan (const struct message *r1, const struct message *r2, const struct mess strlncpy(buf3, sizeof(buf1), total+j, buf3_len); buf3[buf3_len] = 0; + assert(num_messages == 0); + messages[0].headers_complete_cb_called = FALSE; + read = parse(buf1, buf1_len); + if (!messages[0].headers_complete_cb_called && parser.nread != read) { + print_error(buf1, read); + goto error; + } + if (parser.upgrade) goto test; if (read != buf1_len) {
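Review bot: Only the first call, `parse(buf1, buf1_len)`, gets the `parser.nread != read` check in this hunk. Whether the parses of the later buffers (buf3 is prepared just above) are checked cannot be seen here, because test_scan continues past the hunk. If they are not, a miscount at the second split boundary, where nread would already be non-zero, could pass unnoticed. Repeating the check after each later parse call would cover that case, comparing nread with the cumulative bytes consumed while `headers_complete_cb_called` is still FALSE.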