From 379e22a4c0c00193b16fec3c46c4b68cdb63ee1a Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Sat, 11 Feb 2012 21:25:57 +0100
Subject: remove the arbitrary MAXLEN limit for response lines (Closes: #658346)
---
 methods/http.cc | 4 ----
 1 file changed, 4 deletions(-)
(limited to 'methods/http.cc')
diff --git a/methods/http.cc b/methods/http.cc
index 2721b1224..7ddf8e045 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -534,10 +534,6 @@ bool ServerState::HeaderLine(string Line)
 if (Line.empty() == true)
 return true;
- // The http server might be trying to do something evil.
- if (Line.length() >= MAXLEN)
- return _error->Error(_("Got a single header line over %u chars"),MAXLEN);
-
 string::size_type Pos = Line.find(' ');
 if (Pos == string::npos || Pos+1 > Line.length())
 {
-- cgit v1.2.3-70-g09d2
From 74865d5d41f9d234625560ac1dd6d9863da27ac4 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Mon, 5 Mar 2012 00:19:50 +0100
Subject: ensure that (s)scanf doesn't parse a too long Code now that a previous commit lifted the Line-length limit
---
 methods/http.cc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'methods/http.cc')
diff --git a/methods/http.cc b/methods/http.cc
index 7ddf8e045..7979af299 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -42,6 +42,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -557,7 +558,7 @@ bool ServerState::HeaderLine(string Line)
 // Evil servers return no version
 if (Line[4] == '/')
 {
- int const elements = sscanf(Line.c_str(),"HTTP/%u.%u %u%[^\n]",&Major,&Minor,&Result,Code);
+ int const elements = sscanf(Line.c_str(),"HTTP/%3u.%3u %3u%359[^\n]",&Major,&Minor,&Result,Code);
 if (elements == 3)
 {
 Code[0] = '\0';
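Review bot: The width `359` in `"HTTP/%3u.%3u %3u%359[^\n]"` (hunk @@ -557,7 +558,7 @@) and in `"HTTP %3u%359[^\n]"` (hunk @@ -571,7 +572,7 @@) is a bare literal that must stay one less than the size of `Code`, whose declaration is outside both hunks, as is the rest of HeaderLine. With the MAXLEN check removed by the previous commit, this width is the only bound on how much of a server-controlled status line is copied into that buffer, so resizing `Code` later would silently bring the overflow back. I would add a comment at both calls such as `// 359 == sizeof(Code) - 1, keep in sync with the declaration of Code`, or build the width from a shared constant. Note also that `%3u` truncates instead of rejecting, so a four-digit status would presumably leave its last digit at the start of `Code`.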
@@ -571,7 +572,7 @@ bool ServerState::HeaderLine(string Line)
 {
 Major = 0;
 Minor = 9;
- if (sscanf(Line.c_str(),"HTTP %u%[^\n]",&Result,Code) != 2)
+ if (sscanf(Line.c_str(),"HTTP %3u%359[^\n]",&Result,Code) != 2)
 return _error->Error(_("The HTTP server sent an invalid reply header"));
 }
@@ -599,9 +600,10 @@ bool ServerState::HeaderLine(string Line)
 // The length is already set from the Content-Range header
 if (StartPos != 0)
 return true;
-
- if (sscanf(Val.c_str(),"%llu",&Size) != 1)
- return _error->Error(_("The HTTP server sent an invalid Content-Length header"));
+
+ Size = strtoull(Val.c_str(), NULL, 10);
+ if (Size == ULLONG_MAX)
+ return _error->Errno("HeaderLine", _("The HTTP server sent an invalid Content-Length header"));
 return true;
 }
-- cgit v1.2.3-70-g09d2
From deb0d61de51d2e30b224720a7c90ff7a6413a346 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Mon, 5 Mar 2012 00:20:28 +0100
Subject: fix "(style) Checking if unsigned variable 'Minor' is less than zero."
---
 methods/http.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'methods/http.cc')
diff --git a/methods/http.cc b/methods/http.cc
index 7979af299..135771643 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -582,7 +582,7 @@ bool ServerState::HeaderLine(string Line)
 Persistent = false;
 else
 {
- if (Major == 1 && Minor <= 0)
+ if (Major == 1 && Minor == 0)
 Persistent = false;
 else
 Persistent = true;
-- cgit v1.2.3-70-g09d2
From b4a6673c488200a1a52fd2732566ed05a4bc0dbb Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Mon, 5 Mar 2012 00:21:25 +0100
Subject: fix "(performance) Possible inefficient checking for 'R' emptiness."
---
 methods/http.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'methods/http.cc')
diff --git a/methods/http.cc b/methods/http.cc
index 135771643..d2e03cfbc 100644
--- a/methods/http.cc
+++ b/methods/http.cc
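Review bot: `strtoull(Val.c_str(), NULL, 10)` in hunk @@ -599,9 +600,10 @@ returns 0 for a Content-Length value that contains no digits, which the removed `sscanf(...) != 1` test rejected, so a malformed header is now accepted as a zero-length body. The `Size == ULLONG_MAX` test is only meaningful together with `errno == ERANGE`, and since `errno` is not cleared before the call `_error->Errno` may report a stale error. I would pass an end pointer, clear `errno` first and fail when nothing was consumed or the value overflowed, as in the fence below, which assumes `errno` is already declared through the file's includes (their names are not visible on this page). A leading minus sign is still accepted by `strtoull` and wraps, so an explicit digit check on the first character may be worth adding; HeaderLine's body starts and ends outside the hunk.

```cpp
// … unchanged: StartPos != 0 early return …

char *End = NULL;
errno = 0;   // strtoull does not reset errno on success
Size = strtoull(Val.c_str(), &End, 10);
if (End == Val.c_str() || errno == ERANGE)
   return _error->Error(_("The HTTP server sent an invalid Content-Length header"));

return true;
```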
@@ -1327,7 +1327,7 @@ int HttpMethod::Loop()
 after the same URI is seen twice in a queue item. */
 StringVector &R = Redirected[Queue->DestFile];
 bool StopRedirects = false;
- if (R.size() == 0)
+ if (R.empty() == true)
 R.push_back(Queue->Uri);
 else if (R[0] == "STOP" || R.size() > 10)
 StopRedirects = true;
-- cgit v1.2.3-70-g09d2