libmicrohttpd

commit a37a83ff3ea2249b87176113dfb3e4ae2fec524e
parent 1ffe7932df675100f7260393c24f307b83fa95b4
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Mon,  7 Nov 2022 11:49:36 +0300

testcurl: fixed checking response headers as null-terminated string

Diffstat:
M
src/testcurl/test_get_close_keep_alive.c
 | 
6
+++---
M
src/testcurl/test_head.c
 | 
12
++++++++++--
M
src/testcurl/test_toolarge.c
 | 
11
++++++++---

3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/testcurl/test_get_close_keep_alive.c b/src/testcurl/test_get_close_keep_alive.c
@@ -162,7 +162,7 @@ _libcurlErrorExit_func (const char *errDesc, const char *funcName, int lineNum)
 #define HDR_CONN_CLOSE_VALUE      "close"
 #define HDR_CONN_CLOSE            MHD_HTTP_HEADER_CONNECTION ": " \
                                   HDR_CONN_CLOSE_VALUE
-#define HDR_CONN_KEEP_ALIVE_VALUE "keep-alive"
+#define HDR_CONN_KEEP_ALIVE_VALUE "Keep-Alive"
 #define HDR_CONN_KEEP_ALIVE       MHD_HTTP_HEADER_CONNECTION ": " \
                                   HDR_CONN_KEEP_ALIVE_VALUE
 
@@ -255,10 +255,10 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t nitems,
                          strlen (MHD_HTTP_VERSION_1_0))))
     check_res->found_http10 = 1;
   else if ((data_size == strlen (HDR_CONN_CLOSE) + 2) &&
-           (0 == strncasecmp (buffer, HDR_CONN_CLOSE "\r\n", data_size)))
+           (0 == memcmp (buffer, HDR_CONN_CLOSE "\r\n", data_size)))
     check_res->found_conn_close = 1;
   else if ((data_size == strlen (HDR_CONN_KEEP_ALIVE) + 2) &&
-           (0 == strncasecmp (buffer, HDR_CONN_KEEP_ALIVE "\r\n", data_size)))
+           (0 == memcmp (buffer, HDR_CONN_KEEP_ALIVE "\r\n", data_size)))
     check_res->found_conn_keep_alive = 1;
 
   return data_size;
diff --git a/src/testcurl/test_head.c b/src/testcurl/test_head.c
@@ -274,10 +274,13 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t nitems,
     int res;
     const unsigned int numbers_pos =
       MHD_STATICSTR_LEN_ (MHD_HTTP_HEADER_CONTENT_LENGTH ": ");
-    res = snprintf (cmpbuf, sizeof(cmpbuf), "%u\r\n", check_res->expected_size);
+    res = snprintf (cmpbuf, sizeof(cmpbuf), "%u", check_res->expected_size);
     if ((res <= 0) || (res > ((int) (sizeof(cmpbuf) - 1))))
       externalErrorExit ();
-    if (0 != strcmp (buffer + numbers_pos, cmpbuf))
+    if (data_size - numbers_pos <= 2)
+      mhdErrorExitDesc ("Broken Content-Length");
+    else if ((((size_t) res + 2) != data_size - numbers_pos) ||
+             (0 != memcmp (buffer + numbers_pos, cmpbuf, (size_t) res)))
     {
       fprintf (stderr, "Wrong Content-Length.\n"
                "Expected:\n%u\n"
@@ -285,6 +288,11 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t nitems,
                buffer + numbers_pos);
       mhdErrorExitDesc ("Wrong Content-Length");
     }
+    else if (0 != memcmp ("\r\n", buffer + data_size - 2, 2))
+    {
+      mhdErrorExitDesc ("The Content-Length header is not " \
+                        "terminated by CRLF");
+    }
     check_res->size_found++;
   }
 
diff --git a/src/testcurl/test_toolarge.c b/src/testcurl/test_toolarge.c
@@ -273,12 +273,17 @@ lcurl_hdr_callback (char *buffer, size_t size, size_t nitems,
     check_res->num_n1_headers++;
   else if ((5 <= data_size) && ('0' == buffer[0]))
   {
-    const char *const col_ptr = strstr (buffer, ": ");
+    const char *const col_ptr = memchr (buffer, ':', data_size);
     if (0 != check_res->large_header_value_size)
       mhdErrorExitDesc ("Expected only one large header, " \
                         "but found two large headers in the reply");
-    check_res->large_header_valid = 0;
-    if (NULL != col_ptr)
+    if (NULL == col_ptr)
+      check_res->large_header_valid = 0;
+    else if ((size_t) (col_ptr - buffer) >= data_size - 2)
+      check_res->large_header_valid = 0;
+    else if (*(col_ptr + 1) != ' ')
+      check_res->large_header_valid = 0;
+    else
     {
       const char *const name = buffer;
       const size_t name_len = (size_t) (col_ptr - buffer);