Permalink
Browse files

Fix a bug and add more error checking.

  • Loading branch information...
1 parent a0f6b3b commit 72f9d126a83fbcfc5e771db69be131ef60fdcf31 @FooBarWidget committed Jun 21, 2010
Showing with 15 additions and 0 deletions.
  1. +15 −0 multipart.cpp
View
@@ -1,5 +1,6 @@
#include <sys/types.h>
#include <string>
+#include <stdexcept>
class MultipartParser {
public:
@@ -38,6 +39,7 @@ class MultipartParser {
std::string boundary;
char *lookbehind;
+ size_t lookbehindSize;
State state;
int flags;
size_t index;
@@ -115,6 +117,7 @@ class MultipartParser {
delete[] lookbehind;
state = ERROR;
lookbehind = NULL;
+ lookbehindSize = 0;
flags = 0;
index = 0;
headerFieldMark = UNMARKED;
@@ -134,6 +137,7 @@ class MultipartParser {
reset();
this->boundary = "\r\n--" + boundary;
lookbehind = new char[this->boundary.size() + 8];
+ lookbehindSize = this->boundary.size() + 8;
state = START;
}
@@ -222,6 +226,14 @@ class MultipartParser {
return i;
}
+ state = HEADER_FIELD_START;
+ break;
+ case HEADERS_ALMOST_DONE:
+ if (c != LF) {
+ setError("Malformed header ending: LF expected after CR");
+ return i;
+ }
+
state = PART_DATA_START;
break;
case PART_DATA_START:
@@ -301,6 +313,9 @@ class MultipartParser {
if (index > 0) {
// when matching a possible boundary, keep a lookbehind reference
// in case it turns out to be a false lead
+ if (index - 1 >= lookbehindSize) {
+ throw std::out_of_range("index overflows lookbehind buffer");
+ }
lookbehind[index - 1] = c;
} else if (prevIndex > 0) {
// if our boundary turned out to be rubbish, the captured lookbehind

0 comments on commit 72f9d12

Please sign in to comment.