diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-10-30 08:35:28 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-10-30 08:35:28 +0000 |
commit | 3fb38e694808965356d6a02447d186107701fa24 (patch) | |
tree | 0442c555f8e27afe9c5ce7e4b34412c797a8b735 /src/microhttpd/postprocessor.c | |
parent | e524263be242e774d76377b04de9b033bd149d2e (diff) | |
download | libmicrohttpd-3fb38e694808965356d6a02447d186107701fa24.tar.gz libmicrohttpd-3fb38e694808965356d6a02447d186107701fa24.zip |
-fix post processor, expanded test suite to cover garbage before payload
Diffstat (limited to 'src/microhttpd/postprocessor.c')
-rw-r--r-- | src/microhttpd/postprocessor.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c index 0fdf607f..892eabdd 100644 --- a/src/microhttpd/postprocessor.c +++ b/src/microhttpd/postprocessor.c | |||
@@ -533,18 +533,34 @@ find_boundary (struct MHD_PostProcessor *pp, | |||
533 | enum PP_State next_state, enum PP_State next_dash_state) | 533 | enum PP_State next_state, enum PP_State next_dash_state) |
534 | { | 534 | { |
535 | char *buf = (char *) &pp[1]; | 535 | char *buf = (char *) &pp[1]; |
536 | const char *dash; | ||
536 | 537 | ||
537 | if (pp->buffer_pos < 2 + blen) | 538 | if (pp->buffer_pos < 2 + blen) |
538 | { | 539 | { |
539 | if (pp->buffer_pos == pp->buffer_size) | 540 | if (pp->buffer_pos == pp->buffer_size) |
540 | pp->state = PP_Error; /* out of memory */ | 541 | pp->state = PP_Error; /* out of memory */ |
541 | ++(*ioffptr); | 542 | // ++(*ioffptr); |
542 | return MHD_NO; /* not enough data */ | 543 | return MHD_NO; /* not enough data */ |
543 | } | 544 | } |
544 | if ((0 != memcmp ("--", buf, 2)) || (0 != memcmp (&buf[2], boundary, blen))) | 545 | if ((0 != memcmp ("--", buf, 2)) || (0 != memcmp (&buf[2], boundary, blen))) |
545 | { | 546 | { |
546 | if (pp->state != PP_Init) | 547 | if (pp->state != PP_Init) |
547 | pp->state = PP_Error; | 548 | { |
549 | /* garbage not allowed */ | ||
550 | pp->state = PP_Error; | ||
551 | } | ||
552 | else | ||
553 | { | ||
554 | /* skip over garbage (RFC 2046, 5.1.1) */ | ||
555 | dash = memchr (buf, '-', pp->buffer_pos); | ||
556 | if (NULL == dash) | ||
557 | (*ioffptr) += pp->buffer_pos; /* skip entire buffer */ | ||
558 | else | ||
559 | if (dash == buf) | ||
560 | (*ioffptr)++; /* at least skip one byte */ | ||
561 | else | ||
562 | (*ioffptr) += dash - buf; /* skip to first possible boundary */ | ||
563 | } | ||
548 | return MHD_NO; /* expected boundary */ | 564 | return MHD_NO; /* expected boundary */ |
549 | } | 565 | } |
550 | /* remove boundary from buffer */ | 566 | /* remove boundary from buffer */ |
@@ -699,7 +715,7 @@ process_value_to_boundary (struct MHD_PostProcessor *pp, | |||
699 | { | 715 | { |
700 | while (newline + 4 < pp->buffer_pos) | 716 | while (newline + 4 < pp->buffer_pos) |
701 | { | 717 | { |
702 | r = memchr (&buf[newline], '\r', pp->buffer_pos - newline); | 718 | r = memchr (&buf[newline], '\r', pp->buffer_pos - newline - 4); |
703 | if (NULL == r) | 719 | if (NULL == r) |
704 | { | 720 | { |
705 | newline = pp->buffer_pos - 4; | 721 | newline = pp->buffer_pos - 4; |