diff options
author | Daniel Stenberg <daniel@haxx.se> | 2014-01-16 23:07:54 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-01-17 08:37:44 +0100 |
commit | 345891edba32312686e18d8ff185f4476b74e417 (patch) | |
tree | cd7e6661dea2e54c5c633931b50b0d1197527bdb | |
parent | 821094ba728cb2778dd4ebad6ab1bb149504c73e (diff) |
chunked-parser: abort on overflows, allow 64 bit chunks
-rw-r--r-- | lib/http_chunks.c | 13 | ||||
-rw-r--r-- | lib/http_chunks.h | 4 |
2 files changed, 11 insertions, 6 deletions
diff --git a/lib/http_chunks.c b/lib/http_chunks.c index e9fddf588..236543211 100644 --- a/lib/http_chunks.c +++ b/lib/http_chunks.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,6 +31,7 @@ #include "http.h" #include "curl_memory.h" #include "non-ascii.h" /* for Curl_convert_to_network prototype */ +#include "strtoofft.h" #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> @@ -113,7 +114,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, struct Curl_chunker *ch = &conn->chunk; struct SingleRequest *k = &data->req; size_t piece; - size_t length = (size_t)datalen; + curl_off_t length = (curl_off_t)datalen; size_t *wrote = (size_t *)wrotep; *wrote = 0; /* nothing's written yet */ @@ -141,6 +142,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, } } else { + char *endptr; if(0 == ch->hexindex) { /* This is illegal data, we received junk where we expected a hexadecimal digit. */ @@ -155,10 +157,13 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, if(result) { /* Curl_convert_from_network calls failf if unsuccessful */ /* Treat it as a bad hex character */ - return(CHUNKE_ILLEGAL_HEX); + return CHUNKE_ILLEGAL_HEX ; } - ch->datasize=strtoul(ch->hexbuffer, NULL, 16); + ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16); + if(errno == ERANGE) + /* over or underflow is an error */ + return CHUNKE_ILLEGAL_HEX; ch->state = CHUNK_POSTHEX; } break; diff --git a/lib/http_chunks.h b/lib/http_chunks.h index b999ab53b..493d8a426 100644 --- a/lib/http_chunks.h +++ b/lib/http_chunks.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -100,7 +100,7 @@ struct Curl_chunker { char hexbuffer[ MAXNUM_SIZE + 1]; int hexindex; ChunkyState state; - size_t datasize; + curl_off_t datasize; size_t dataleft; /* untouched data amount at the end of the last buffer */ }; |