From 992f7d6c3a1df7c351dfebba636832d0a7858dc9 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Fri, 8 May 2020 20:02:36 +0200
Subject: detect overflow during percent decoding
---
 hittpd.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hittpd.c b/hittpd.c
index 1cc12c0..afee1ac 100644
--- a/hittpd.c
+++ b/hittpd.c
@@ -467,7 +467,7 @@ on_message_complete(http_parser *p) {
 char path[PATH_MAX];
 char name[PATH_MAX + 128];
- char *s = data->path, *t = path;
+ char *s = data->path, *t = path, *pe = path + sizeof path - 1;
 for (size_t i = 0; s[i]; i++) {
 if (s[i] == '%') {
@@ -514,6 +514,11 @@ on_message_complete(http_parser *p) {
 } else {
 *t++ = s[i];
 }
+
+ if (t >= pe) {
+ send_error(p, 413, "Payload Too Large");
+ return 0;
+ }
 }
 *t = 0;
-- 
cgit 1.4.1
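Review bot: `pe` is added to a three-variable declaration with nothing saying what it bounds, so a reader has to work out `path + sizeof path - 1` to follow the later `t >= pe` test. A short comment such as `/* pe: last byte of path, kept free for the terminating NUL */` would cover it. `sizeof path` is correct here only because `path` is a true array in this scope; that is worth stating in case the decoding loop is ever moved into a helper that receives a pointer. The body of on_message_complete starts and ends outside the hunk.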
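Review bot: The new `t >= pe` guard runs after the store, so it keeps writes inside `path` only while every branch of the loop stores at most one byte per iteration. The percent-decoding branch is outside this hunk, so that needs confirming there. Moving the same test to the top of the loop body, before any `*t++ = ...`, would remove that dependency and let a decoded path of exactly `PATH_MAX - 1` bytes through; otherwise a comment such as `/* each iteration stores at most one byte, so t never passes pe */` would record the invariant. Separately, the buffer being bounded is the decoded request path rather than a body, so `send_error(p, 414, "URI Too Long");` describes the condition more accurately than 413.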