diff options
| author | Christian Grothoff <christian@grothoff.org> | 2013-10-30 08:35:28 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2013-10-30 08:35:28 +0000 |
| commit | 3fb38e694808965356d6a02447d186107701fa24 (patch) | |
| tree | 0442c555f8e27afe9c5ce7e4b34412c797a8b735 /src/microhttpd/postprocessor.c | |
| parent | e524263be242e774d76377b04de9b033bd149d2e (diff) | |
| download | libmicrohttpd-3fb38e694808965356d6a02447d186107701fa24.tar.gz libmicrohttpd-3fb38e694808965356d6a02447d186107701fa24.zip | |
-fix post processor, expanded test suite to cover garbage before payload
Diffstat (limited to 'src/microhttpd/postprocessor.c')
| -rw-r--r-- | src/microhttpd/postprocessor.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c index 0fdf607f..892eabdd 100644 --- a/src/microhttpd/postprocessor.c +++ b/src/microhttpd/postprocessor.c | |||
| @@ -533,18 +533,34 @@ find_boundary (struct MHD_PostProcessor *pp, | |||
| 533 | enum PP_State next_state, enum PP_State next_dash_state) | 533 | enum PP_State next_state, enum PP_State next_dash_state) |
| 534 | { | 534 | { |
| 535 | char *buf = (char *) &pp[1]; | 535 | char *buf = (char *) &pp[1]; |
| 536 | const char *dash; | ||
| 536 | 537 | ||
| 537 | if (pp->buffer_pos < 2 + blen) | 538 | if (pp->buffer_pos < 2 + blen) |
| 538 | { | 539 | { |
| 539 | if (pp->buffer_pos == pp->buffer_size) | 540 | if (pp->buffer_pos == pp->buffer_size) |
| 540 | pp->state = PP_Error; /* out of memory */ | 541 | pp->state = PP_Error; /* out of memory */ |
| 541 | ++(*ioffptr); | 542 | // ++(*ioffptr); |
| 542 | return MHD_NO; /* not enough data */ | 543 | return MHD_NO; /* not enough data */ |
| 543 | } | 544 | } |
| 544 | if ((0 != memcmp ("--", buf, 2)) || (0 != memcmp (&buf[2], boundary, blen))) | 545 | if ((0 != memcmp ("--", buf, 2)) || (0 != memcmp (&buf[2], boundary, blen))) |
| 545 | { | 546 | { |
| 546 | if (pp->state != PP_Init) | 547 | if (pp->state != PP_Init) |
| 547 | pp->state = PP_Error; | 548 | { |
| 549 | /* garbage not allowed */ | ||
| 550 | pp->state = PP_Error; | ||
| 551 | } | ||
| 552 | else | ||
| 553 | { | ||
| 554 | /* skip over garbage (RFC 2046, 5.1.1) */ | ||
| 555 | dash = memchr (buf, '-', pp->buffer_pos); | ||
| 556 | if (NULL == dash) | ||
| 557 | (*ioffptr) += pp->buffer_pos; /* skip entire buffer */ | ||
| 558 | else | ||
| 559 | if (dash == buf) | ||
| 560 | (*ioffptr)++; /* at least skip one byte */ | ||
| 561 | else | ||
| 562 | (*ioffptr) += dash - buf; /* skip to first possible boundary */ | ||
| 563 | } | ||
| 548 | return MHD_NO; /* expected boundary */ | 564 | return MHD_NO; /* expected boundary */ |
| 549 | } | 565 | } |
| 550 | /* remove boundary from buffer */ | 566 | /* remove boundary from buffer */ |
| @@ -699,7 +715,7 @@ process_value_to_boundary (struct MHD_PostProcessor *pp, | |||
| 699 | { | 715 | { |
| 700 | while (newline + 4 < pp->buffer_pos) | 716 | while (newline + 4 < pp->buffer_pos) |
| 701 | { | 717 | { |
| 702 | r = memchr (&buf[newline], '\r', pp->buffer_pos - newline); | 718 | r = memchr (&buf[newline], '\r', pp->buffer_pos - newline - 4); |
| 703 | if (NULL == r) | 719 | if (NULL == r) |
| 704 | { | 720 | { |
| 705 | newline = pp->buffer_pos - 4; | 721 | newline = pp->buffer_pos - 4; |