aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2015-07-23 11:51:53 +0200
committerKamil Dudka <kdudka@redhat.com>2015-07-23 11:51:53 +0200
commitda650c1e544e3ebb7d43332d0570cd34d31e08b3 (patch)
treefcc7d05c38046039cf2e955b5964f3696deba803 /lib
parent40c921f8b825c80bfe0d34f3137f1ece122369c6 (diff)
http2: verify success of strchr() in http2_send()
Detected by Coverity. Error: NULL_RETURNS: lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times). lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr". lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf". 1300| 1301| hdbuf = strchr(hdbuf, 0x0a); 1302|-> ++hdbuf; 1303| 1304| authority_idx = 0;
Diffstat (limited to 'lib')
-rw-r--r--lib/http2.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/lib/http2.c b/lib/http2.c
index 0001fae5d..1a2c48649 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1274,6 +1274,8 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
}
/* Extract :method, :path from request line */
end = strchr(hdbuf, ' ');
+ if(!end)
+ goto fail;
nva[0].name = (unsigned char *)":method";
nva[0].namelen = (uint16_t)strlen((char *)nva[0].name);
nva[0].value = (unsigned char *)hdbuf;
@@ -1283,6 +1285,8 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
hdbuf = end + 1;
end = strchr(hdbuf, ' ');
+ if(!end)
+ goto fail;
nva[1].name = (unsigned char *)":path";
nva[1].namelen = (uint16_t)strlen((char *)nva[1].name);
nva[1].value = (unsigned char *)hdbuf;
@@ -1299,13 +1303,16 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
nva[2].flags = NGHTTP2_NV_FLAG_NONE;
hdbuf = strchr(hdbuf, 0x0a);
+ if(!hdbuf)
+ goto fail;
++hdbuf;
authority_idx = 0;
for(i = 3; i < nheader; ++i) {
end = strchr(hdbuf, ':');
- assert(end);
+ if(!end)
+ goto fail;
if(end - hdbuf == 4 && Curl_raw_nequal("host", hdbuf, 4)) {
authority_idx = i;
nva[i].name = (unsigned char *)":authority";
@@ -1318,7 +1325,8 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
hdbuf = end + 1;
for(; *hdbuf == ' '; ++hdbuf);
end = strchr(hdbuf, 0x0d);
- assert(end);
+ if(!end)
+ goto fail;
nva[i].value = (unsigned char *)hdbuf;
nva[i].valuelen = (uint16_t)(end - hdbuf);
nva[i].flags = NGHTTP2_NV_FLAG_NONE;
@@ -1365,7 +1373,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
NULL, NULL);
}
- free(nva);
+ Curl_safefree(nva);
if(stream_id < 0) {
DEBUGF(infof(conn->data, "http2_send() send error\n"));
@@ -1405,6 +1413,11 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
}
return len;
+
+ fail:
+ free(nva);
+ *err = CURLE_SEND_ERROR;
+ return -1;
}
CURLcode Curl_http2_setup(struct connectdata *conn)