Reset bufpos to 0 immediately after refilling the buffer. Otherwise, we
risk leaving the connection in an indeterminate state if the server fails
to send a chunk delimiter.  Depending on the application and on the sizes
of the preceding chunks, the result can be anything from missing data to a
segfault.  With this patch, it will be reported as a protocol error.

PR:		204771
MFC after:	1 week
Dag-Erling Smørgrav 2015-12-16 09:17:07 +00:00
parent 942e4b4b79
commit a568844c67

@ -246,8 +246,9 @@ http_fillbuf(struct httpio *io, size_t len)
io->error = errno;
return (-1);
}
io->bufpos = 0;
io->buflen = nbytes;
io->chunksize -= io->buflen;
io->chunksize -= nbytes;
if (io->chunksize == 0) {
if (fetch_read(io->conn, &ch, 1) != 1 || ch != '\r' ||
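Review bot: The placement of io->bufpos = 0 directly after the refill, ahead of the io->chunksize == 0 delimiter check, is what the fix depends on, and nothing at that line says so. A one-line comment there, stating that bufpos and buflen must be consistent before any early return on a bad delimiter, would keep a later cleanup from moving the reset back below the check. Separately, io->chunksize -= nbytes relies on nbytes never exceeding io->chunksize; the read that produces nbytes is outside this hunk, so it is worth confirming that the requested length is bounded by the remaining chunk size, since the subtraction would wrap if chunksize is unsigned.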
@ -255,8 +256,6 @@ http_fillbuf(struct httpio *io, size_t len)
return (-1);
}
io->bufpos = 0;
return (io->buflen);
}
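Review bot: The return (-1) at the top of this hunk, reached when the chunk delimiter check fails, has no visible assignment to io->error, while the read-failure path in the previous hunk sets io->error = errno before returning. The commit message says this case is now reported as a protocol error, so either set an explicit error code on this path or confirm that callers treat a -1 with io->error unset as a protocol error. A regression test that feeds a chunk with a missing CRLF delimiter would pin the behaviour down.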