# HG changeset patch
# User Olaf Wintermann <olaf.wintermann@gmail.com>
# Date 1723754283 -7200
# Node ID b26bec196a2e26f05eafcc6152555dd2c8cf6bb0
# Parent  40ecc0a6b2806e2255bab6c20798095bd5f3dd6a
fix http_stream_parse_chunk_header: check if the chunk starts with a digit

diff -r 40ecc0a6b280 -r b26bec196a2e src/server/test/io.c
--- a/src/server/test/io.c	Thu Aug 15 22:16:05 2024 +0200
+++ b/src/server/test/io.c	Thu Aug 15 22:38:03 2024 +0200
@@ -186,19 +186,19 @@
     int ret;
     
     ret = http_stream_parse_chunk_header(str, len, TRUE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
     ret = http_stream_parse_chunk_header(str, len, FALSE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");
     
     ret = http_stream_parse_chunk_header(str2, len2, TRUE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 2a)");
     ret = http_stream_parse_chunk_header(str2, len2, FALSE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 2b)");
     
     ret = http_stream_parse_chunk_header(str3, len3, TRUE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 3a)");
     ret = http_stream_parse_chunk_header(str3, len3, FALSE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 3b)");
             
     UCX_TEST_END;
     free(str);
diff -r 40ecc0a6b280 -r b26bec196a2e src/server/util/io.c
--- a/src/server/util/io.c	Thu Aug 15 22:16:05 2024 +0200
+++ b/src/server/util/io.c	Thu Aug 15 22:38:03 2024 +0200
@@ -620,7 +620,7 @@
     if(!hdr_end || i == len) {
         return 0; // incomplete
     }
-    
+       
     if(*hdr_end == '\r') {
         // we also need '\n'
         if(hdr_end[1] != '\n') {
@@ -629,6 +629,12 @@
         i++; // '\n' found
     }
     
+    // check if the first character is a number
+    char f = hdr_start[0];
+    if(!(isdigit(f) || (f >= 'A' && f <= 'F') || (f >= 'a' && f <= 'f'))) {
+        return -1;
+    }
+    
     // parse
     char save_c = *hdr_end;
     *hdr_end = '\0';
@@ -637,7 +643,7 @@
     errno = 0;
     clen = strtoll(hdr_start, &end, 16);
     *hdr_end = save_c;
-    if(end != hdr_end) {
+    if(errno == 0 && end != hdr_end) {
         return -1;
     }
     i++;