diff options
| author | yangwei <[email protected]> | 2023-07-28 19:26:17 +0800 |
|---|---|---|
| committer | yangwei <[email protected]> | 2023-07-30 21:34:20 +0800 |
| commit | e949298f0fd6d5e609312eab6b502e00f65c74ab (patch) | |
| tree | a0b17f10748126fdddf76a5dd993350423db087a | |
| parent | 09db6e62ea444504cb31d523e6fe1bb03c2c6bdf (diff) | |
🐞 fix(http_recognise): 修复strncasecmp时未对待查找串长度保护,可能读越界的错误v2.0.15
Close TSG-16306
| -rw-r--r-- | src/HTTP_Message_Region.c | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/src/HTTP_Message_Region.c b/src/HTTP_Message_Region.c index dae33eb..090513f 100644 --- a/src/HTTP_Message_Region.c +++ b/src/HTTP_Message_Region.c @@ -172,30 +172,31 @@ uchar http_doWithHost(http_parser_t* a_http, http_stream *a_http_stream, char* v return OK; } -uchar http_recogniseTransferEncoding(uchar *trans_Encoding, char *value_data,uint32 value_data_len, int thread_seq) -{ - if(0==strncasecmp(value_data,"chunked",sizeof("chunked")-1)) - *trans_Encoding = HTTP_TRANS_ENCOD_CHUNKED; - else - *trans_Encoding = HTTP_TRANS_ENCOD_OTHERS; +uchar http_recogniseTransferEncoding(uchar *trans_Encoding, char *value_data, uint32 value_data_len, int thread_seq) { + if (value_data_len >= sizeof("chunked") - 1 && 0 == strncasecmp(value_data, "chunked", MIN(sizeof("chunked") - 1, value_data_len))) + *trans_Encoding = HTTP_TRANS_ENCOD_CHUNKED; + else + *trans_Encoding = HTTP_TRANS_ENCOD_OTHERS; - return OK; + return OK; } -uchar http_recogniseContentEncoding(uchar *Cont_Encoding, char *value_data,uint32 value_data_len, int thread_seq) -{ - if(0==strncasecmp(value_data,"gzip", sizeof("gzip")-1)) - *Cont_Encoding = HTTP_CONT_ENCOD_GZIP; - else if(0==strncasecmp(value_data,"compress",sizeof("compress")-1)) - *Cont_Encoding = HTTP_CONT_ENCOD_COMPRESS; - else if(0==strncasecmp(value_data,"deflate",sizeof("deflate")-1)) - *Cont_Encoding = HTTP_CONT_ENCOD_DEFLATE; - else if(0==strncasecmp(value_data,"default",sizeof("default")-1)) - *Cont_Encoding = HTTP_CONT_ENCOD_DEFAULT; - else - *Cont_Encoding = HTTP_CONT_ENCOD_OTHERS; - return OK; + + +uchar http_recogniseContentEncoding(uchar *Cont_Encoding, char *value_data, uint32 value_data_len, int thread_seq) { + if (value_data_len >= sizeof("gzip") - 1 && 0 == strncasecmp(value_data, "gzip", sizeof("gzip") - 1)) + *Cont_Encoding = HTTP_CONT_ENCOD_GZIP; + else if (value_data_len >= sizeof("compress") - 1 && 0 == strncasecmp(value_data, "compress", MIN(sizeof("compress") - 1, value_data_len))) + *Cont_Encoding = HTTP_CONT_ENCOD_COMPRESS; + else if (value_data_len >= sizeof("deflate") - 1 && 0 == strncasecmp(value_data, "deflate", MIN(sizeof("deflate") - 1, value_data_len))) + *Cont_Encoding = HTTP_CONT_ENCOD_DEFLATE; + else if (value_data_len >= sizeof("default") - 1 && 0 == strncasecmp(value_data, "default", MIN(sizeof("default") - 1, value_data_len))) + *Cont_Encoding = HTTP_CONT_ENCOD_DEFAULT; + else + *Cont_Encoding = HTTP_CONT_ENCOD_OTHERS; + return OK; } + uchar http_doWithEncoding(http_parser_t* a_http, http_stream *a_http_stream, char* value, uint32 valuelen, struct streaminfo *a_tcp, int thread_seq, void *a_packet) { |