Mercurial > hg > webserver / changeset

--- a/src/server/test/io.c	Thu Aug 15 22:16:05 2024 +0200
+++ b/src/server/test/io.c	Thu Aug 15 22:38:03 2024 +0200
@@ -186,19 +186,19 @@
     int ret;

     ret = http_stream_parse_chunk_header(str, len, TRUE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
     ret = http_stream_parse_chunk_header(str, len, FALSE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");

     ret = http_stream_parse_chunk_header(str2, len2, TRUE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 2a)");
     ret = http_stream_parse_chunk_header(str2, len2, FALSE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 2b)");

     ret = http_stream_parse_chunk_header(str3, len3, TRUE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1a)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 3a)");
     ret = http_stream_parse_chunk_header(str3, len3, FALSE, &chunklen);
-    //UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 1b)");
+    UCX_TEST_ASSERT(ret == -1, "ret != -1 (test 3b)");

     UCX_TEST_END;
     free(str);
--- a/src/server/util/io.c	Thu Aug 15 22:16:05 2024 +0200
+++ b/src/server/util/io.c	Thu Aug 15 22:38:03 2024 +0200
@@ -620,7 +620,7 @@
     if(!hdr_end || i == len) {
         return 0; // incomplete
     }
-
+
     if(*hdr_end == '\r') {
         // we also need '\n'
         if(hdr_end[1] != '\n') {
@@ -629,6 +629,12 @@
         i++; // '\n' found
     }

+    // check if the first character is a number
+    char f = hdr_start[0];
+    if(!(isdigit(f) || (f >= 'A' && f <= 'F') || (f >= 'a' && f <= 'f'))) {
+        return -1;
+    }
+
     // parse
     char save_c = *hdr_end;
     *hdr_end = '\0';
@@ -637,7 +643,7 @@
     errno = 0;
     clen = strtoll(hdr_start, &end, 16);
     *hdr_end = save_c;
-    if(end != hdr_end) {
+    if(errno == 0 && end != hdr_end) {
         return -1;
     }
     i++;
src/server/test/io.c		file \| annotate \| diff \| comparison \| revisions
src/server/util/io.c		file \| annotate \| diff \| comparison \| revisions