Karol Kosek 71f663b205 LibHTTP: Fix buffer overflow when body is larger than the Content-Length ...

(Actually, this also needs a Content-Encoding header, as response
streaming is disabled then. It didn't fit in the title.)

We were creating too small buffer -- instead of assigning the total
received buffer size, we were using the Content-Length value.

As you can see, the m_buffered_size might now exceed the Content-Length
value, but that will be handled in next commits, regardless if
the response can be streamed or not. :^)

Here's a minimal code that caused crash before:

  printf 'HTTP/1.0 200 OK\r\n%s\r\n%s\r\n\r\n%s' \
      'Content-Encoding: anything' 'Content-Length: 3' \
      ':^)AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' | nc -lN 0.0.0.0 8000
  pro http://0.0.0.0:8000

2021-10-24 23:54:26 +02:00

18 KiB

Raw Blame History

View Raw