Module Name: src Committed By: maya Date: Sat Dec 15 01:02:34 UTC 2018
Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Check against BOZO_HEADERS_MAX_SIZE in a way that isn't prone to overflow. Note that this isn't reachable in practice as big requests time out. To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.101 src/libexec/httpd/bozohttpd.c:1.102 --- src/libexec/httpd/bozohttpd.c:1.101 Tue Dec 4 02:52:42 2018 +++ src/libexec/httpd/bozohttpd.c Sat Dec 15 01:02:34 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.101 2018/12/04 02:52:42 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.102 2018/12/15 01:02:34 maya Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -585,12 +585,14 @@ process_method(bozo_httpreq_t *request, static int bozo_got_header_length(bozo_httpreq_t *request, size_t len) { + + if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes) + return bozo_http_error(request->hr_httpd, 413, request, + "too many headers"); + request->hr_header_bytes += len; - if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE) - return 0; - return bozo_http_error(request->hr_httpd, 413, request, - "too many headers"); + return 0; } /*
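Review bot: The rewritten test in bozo_got_header_length, `if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)`, is wrap-free only while hr_header_bytes is already at most BOZO_HEADERS_MAX_SIZE, and nothing in the function states that precondition. The function keeps the invariant itself, but the field's type and any other writers are outside the hunk, so I would add a comment above the test such as `/* hr_header_bytes <= BOZO_HEADERS_MAX_SIZE always holds here, so the subtraction cannot wrap */`. The limit also shifts by one: the old code returned 413 once the running total reached BOZO_HEADERS_MAX_SIZE, whereas the new code accepts a total exactly equal to it. If the strict bound was intended, the test should be `if (len >= BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)`.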