authorLeah Neukirchen <leah@vuxu.org>2020-05-08 20:02:36 +0200
committerLeah Neukirchen <leah@vuxu.org>2020-05-08 20:02:36 +0200
commit992f7d6c3a1df7c351dfebba636832d0a7858dc9 (patch)
treeb6f01f904e6741d271fcc9ffcb215d5c28c30e73
parent8c03a1cb66412ba184c221192c8ac32f4865c262 (diff)
detect overflow during percent decoding
-rw-r--r--hittpd.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/hittpd.c b/hittpd.c
index 1cc12c0..afee1ac 100644
--- a/hittpd.c
+++ b/hittpd.c
@@ -467,7 +467,7 @@ on_message_complete(http_parser *p) {
 
 	char path[PATH_MAX];
 	char name[PATH_MAX + 128];
-	char *s = data->path, *t = path;
+	char *s = data->path, *t = path, *pe = path + sizeof path - 1;
 
 	for (size_t i = 0; s[i]; i++) {
 		if (s[i] == '%') {
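Review bot: `pe` is set to the address of the last element of `path` rather than one past the end, and the declaration does not say why. The check in the second hunk (`t >= pe`) runs after the store, so the bound holds only while one pass through the loop writes no more than two bytes. The percent-decoding branch lies between the two hunks and is not visible here, so that should be confirmed against it. I would record the invariant next to the declaration, e.g. `/* pe: last byte of path; t is tested after each store, so one pass may write at most two bytes */`. on_message_complete starts and ends outside this hunk.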
@@ -514,6 +514,11 @@ on_message_complete(http_parser *p) {
 		} else {
 			*t++ = s[i];
 		}
+
+		if (t >= pe) {
+			send_error(p, 413, "Payload Too Large");
+			return 0;
+		}
 	}
 	*t = 0;
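Review bot: The over-long path is reported as `413 Payload Too Large`, which describes an oversized request body. What overflowed here is the decoded request target, for which the matching status is 414, so `send_error(p, 414, "URI Too Long");` would fit better. The distinction helps anyone classifying responses, since a run of over-long request paths is worth telling apart from large uploads. The test also rejects a decoded path of exactly `PATH_MAX - 1` bytes, which would still fit with its terminator; that is harmless, but deserves a short comment if it is intentional. The function body continues outside the hunk.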