Author: adrian.chadd
Date: Mon Feb 2 13:06:02 2009
New Revision: 13794
Modified:
branches/LUSCA_HEAD/libhttp/HttpMsg.c
branches/LUSCA_HEAD/libhttp/HttpStatusLine.c
Log:
Ported fix from Squid-2 changesets 12426 and 12441 - fix HTTP version
parsing.
Modified: branches/LUSCA_HEAD/libhttp/HttpMsg.c
==============================================================================
--- branches/LUSCA_HEAD/libhttp/HttpMsg.c (original)
+++ branches/LUSCA_HEAD/libhttp/HttpMsg.c Mon Feb 2 13:06:02 2009
@@ -325,11 +325,11 @@
/* next should be 1 or more digits */
maj = 0;
- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) {
+ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && maj <
65536;
i++) {
maj = maj * 10;
maj = maj + (hmsg->buf[i]) - '0';
}
- if (i >= hmsg->req_end) {
+ if (i >= hmsg->req_end || maj >= 65536) {
retcode = -1;
goto finish;
}
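Review bot: A version field with no digits at all still passes this check: if `hmsg->buf[i]` is not a digit on entry, `maj` stays 0, `i` does not move, and neither `i >= hmsg->req_end` nor `maj >= 65536` fires, although the comment above asks for 1 or more digits. Unless code outside the hunk compares `i` with its starting value, an empty major field is read as version 0, and a proxy that parses the request line more leniently than the origin behind it is worth tightening. Record the index before the loop (`maj_start = i;`, declared with the other locals, name is only a suggestion) and extend the test to `if (i >= hmsg->req_end || i == maj_start || maj >= 65536) {`. The same gap is visible in the minor loop of the next hunk and in both loops in HttpStatusLine.c. The enclosing function starts and ends outside this hunk.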
@@ -345,9 +345,13 @@
/* next should be one or more digits */
i++;
min = 0;
- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) {
+ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && min <
65536;
i++) {
min = min * 10;
min = min + (hmsg->buf[i]) - '0';
+ }
+ if (min >= 65536) {
+ retcode = -1;
+ goto finish;
}
/* Find whitespace, end of version */
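Review bot: The bound `65536` is a bare literal in every loop condition and range check this commit touches (here, in the major loop above, and twice in HttpStatusLine.c), with no comment saying what it protects. From the visible lines it stops the `min = min * 10` accumulation from overflowing on a long run of digits, but the declared type of `min` is outside the hunk, so that reading should be confirmed. One named constant shared by both files, e.g. `#define HTTP_VERSION_PART_LIMIT 65536` (suggested name), with a comment such as `/* cap the value before the next multiply so a long digit run cannot overflow */`, would keep the four copies in step. The enclosing function starts and ends outside the hunk.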
Modified: branches/LUSCA_HEAD/libhttp/HttpStatusLine.c
==============================================================================
--- branches/LUSCA_HEAD/libhttp/HttpStatusLine.c (original)
+++ branches/LUSCA_HEAD/libhttp/HttpStatusLine.c Mon Feb 2 13:06:02 2009
@@ -108,11 +108,11 @@
/* Format: HTTP/x.x <space> <status code> <space> <reason-phrase> CRLF
*/
s = start;
maj = 0;
- for (s = start; s < end && xisdigit(*s); s++) {
+ for (s = start; s < end && xisdigit(*s) && maj < 65536; s++) {
maj = maj * 10;
maj = maj + *s - '0';
}
- if (s >= end) {
+ if (s >= end || maj >= 65536) {
debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status
major.\n");
return 0;
}
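Review bot: The out-of-range case shares its log line with the truncated-input case: after this change both `s >= end` and `maj >= 65536` emit "Invalid HTTP reply status major." at `debug(57, 7)`, so the log cannot distinguish a short reply from an upstream server sending an oversized version number. Testing the range first keeps that signal: `if (maj >= 65536) { debug(57, 7) ("httpStatusLineParse: HTTP reply major version out of range.\n"); return 0; }` ahead of the existing `s >= end` check. The minor-version check in the next hunk has the same shape. The enclosing function (httpStatusLineParse, going by the debug text) begins and ends outside the hunk.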
@@ -124,11 +124,11 @@
s++;
/* next should be minor number */
min = 0;
- for (; s < end && xisdigit(*s); s++) {
+ for (; s < end && xisdigit(*s) && min < 65536; s++) {
min = min * 10;
min = min + *s - '0';
}
- if (s >= end) {
+ if (s >= end || min >= 65536) {
debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status version
minor.\n");
return 0;
}