Check HTTP chunk size, ensure it's reasonable

CL: mg: Check HTTP chunk size, ensure it's reasonable PUBLISHED_FROM=d9f6babd314c092b42ce9e7fe31d6b30a38366a2

Check HTTP chunk size, ensure it's reasonable
CL: mg: Check HTTP chunk size, ensure it's reasonable PUBLISHED_FROM=d9f6babd314c092b42ce9e7fe31d6b30a38366a2
8b423530 · Deomid Ryabkov · Cesanta Bot · 05c687e2 · 8b423530 · 8b423530
Commit 8b423530 authored Sep 27, 2018 by Deomid Ryabkov Committed by Cesanta Bot Sep 27, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

mongoose.c mongoose.c +4 -0

mg_http.c src/mg_http.c +4 -0

No files found.
--- a/mongoose.c
+++ b/mongoose.c
@@ -6311,6 +6311,10 @@ static size_t mg_http_parse_chunk(char *buf, size_t len, char **chunk_data,
    n *= 16;
    n += (s[i] >= '0' && s[i] <= '9') ? s[i] - '0' : tolower(s[i]) - 'a' + 10;
    i++;
+    if (i > 6) {
+      /* Chunk size is unreasonable. */
+      return 0;
+    }
  }

  /* Skip new line */

--- a/src/mg_http.c
+++ b/src/mg_http.c
@@ -564,6 +564,10 @@ static size_t mg_http_parse_chunk(char *buf, size_t len, char **chunk_data,
    n *= 16;
    n += (s[i] >= '0' && s[i] <= '9') ? s[i] - '0' : tolower(s[i]) - 'a' + 10;
    i++;
+    if (i > 6) {
+      /* Chunk size is unreasonable. */
+      return 0;
+    }
  }

  /* Skip new line */