|
@@ -34,7 +34,7 @@ int main(int argc, char* argv[]) { |
|
|
char* m0; |
|
|
char* m0; |
|
|
char* m1; |
|
|
char* m1; |
|
|
char* eoh; |
|
|
char* eoh; |
|
|
size_t nscan; |
|
|
|
|
|
|
|
|
long int nscan; |
|
|
size_t bytes_read; |
|
|
size_t bytes_read; |
|
|
size_t length; |
|
|
size_t length; |
|
|
bool html_fake_base = false; |
|
|
bool html_fake_base = false; |
|
@@ -129,10 +129,14 @@ checkstate: |
|
|
} |
|
|
} |
|
|
m0 += 17; |
|
|
m0 += 17; |
|
|
while (m0 < bufp + n && (*m0 == ' ' || *m0 == '\t')) ++m0; |
|
|
while (m0 < bufp + n && (*m0 == ' ' || *m0 == '\t')) ++m0; |
|
|
if (!sscanf(m0, "%zu%n", &length, &nscan)) { |
|
|
|
|
|
|
|
|
if (sscanf(m0, "%zu%ln", &length, &nscan) <= 0) { |
|
|
fprintf(stderr, "Error: invalid Content-Length\n"); |
|
|
fprintf(stderr, "Error: invalid Content-Length\n"); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
|
|
|
if (nscan < 0) { |
|
|
|
|
|
fprintf(stderr, "Error: negative nscan\n"); |
|
|
|
|
|
return 1; |
|
|
|
|
|
} |
|
|
if (nscan > n - (m0 - bufp)) { |
|
|
if (nscan > n - (m0 - bufp)) { |
|
|
fprintf(stderr, "Error: buffer overread\n"); |
|
|
fprintf(stderr, "Error: buffer overread\n"); |
|
|
return 1; |
|
|
return 1; |
|
@@ -250,10 +254,14 @@ checkstate: |
|
|
} |
|
|
} |
|
|
m0 = bufp; |
|
|
m0 = bufp; |
|
|
while (m0 < bufp + n && (*m0 == ' ' || *m0 == '\t')) ++m0; |
|
|
while (m0 < bufp + n && (*m0 == ' ' || *m0 == '\t')) ++m0; |
|
|
if (!sscanf(m0, "%x%n", &length, &nscan)) { |
|
|
|
|
|
|
|
|
if (sscanf(m0, "%zx%ln", &length, &nscan) <= 0) { |
|
|
fprintf(stderr, "Error: invalid chunk length\n"); |
|
|
fprintf(stderr, "Error: invalid chunk length\n"); |
|
|
return 1; |
|
|
return 1; |
|
|
} |
|
|
} |
|
|
|
|
|
if (nscan < 0) { |
|
|
|
|
|
fprintf(stderr, "Error: negative nscan\n"); |
|
|
|
|
|
return 1; |
|
|
|
|
|
} |
|
|
if (nscan > n - (m0 - bufp)) { |
|
|
if (nscan > n - (m0 - bufp)) { |
|
|
fprintf(stderr, "Error: buffer overread\n"); |
|
|
fprintf(stderr, "Error: buffer overread\n"); |
|
|
return 1; |
|
|
return 1; |
|
|