Skip to content

Commit

Permalink
Check HTTP chunk size, ensure it's reasonable
Browse files Browse the repository at this point in the history
CL: mg: Check HTTP chunk size, ensure it's reasonable

PUBLISHED_FROM=d9f6babd314c092b42ce9e7fe31d6b30a38366a2
  • Loading branch information
Deomid Ryabkov authored and cesantabot committed Sep 27, 2018
1 parent 05c687e commit 8b42353
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions mongoose.c
Expand Up @@ -6311,6 +6311,10 @@ static size_t mg_http_parse_chunk(char *buf, size_t len, char **chunk_data,
n *= 16;
n += (s[i] >= '0' && s[i] <= '9') ? s[i] - '0' : tolower(s[i]) - 'a' + 10;
i++;
if (i > 6) {
/* Chunk size is unreasonable. */
return 0;
}
}

/* Skip new line */
Expand Down
4 changes: 4 additions & 0 deletions src/mg_http.c
Expand Up @@ -564,6 +564,10 @@ static size_t mg_http_parse_chunk(char *buf, size_t len, char **chunk_data,
n *= 16;
n += (s[i] >= '0' && s[i] <= '9') ? s[i] - '0' : tolower(s[i]) - 'a' + 10;
i++;
if (i > 6) {
/* Chunk size is unreasonable. */
return 0;
}
}

/* Skip new line */
Expand Down

0 comments on commit 8b42353

Please sign in to comment.