From d95fa648e9da36386c452c624b080bb97cf7c4b4 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 12 Mar 2001 15:20:35 +0000
Subject: made it return illegal hex in case no hexadecimal digit was read when
 at least one was expected

---
 lib/http_chunks.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/http_chunks.c b/lib/http_chunks.c
index bbc208e21..c11003354 100644
--- a/lib/http_chunks.c
+++ b/lib/http_chunks.c
@@ -115,10 +115,15 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
           ch->hexindex++;
         }
         else {
-          return 1; /* longer hex than we support */
+          return CHUNKE_TOO_LONG_HEX; /* longer hex than we support */
         }
       }
       else {
+        if(0 == ch->hexindex) {
+          /* This is illegal data, we received junk where we expected
+             a hexadecimal digit. */
+          return CHUNKE_ILLEGAL_HEX;
+        }
         /* length and datap are unmodified */
         ch->hexbuffer[ch->hexindex]=0;
         ch->datasize=strtoul(ch->hexbuffer, NULL, 16);
@@ -127,7 +132,9 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
       break;
 
     case CHUNK_POSTHEX:
-      /* just a lame state waiting for CRLF to arrive */
+      /* In this state, we're waiting for CRLF to arrive. We support
+         this to allow so called chunk-extensions to show up here
+         before the CRLF comes. */
       if(*datap == '\r')
         ch->state = CHUNK_CR;
       length--;
-- 
cgit v1.2.3