fix: mitigate potential security buffer-overflows

2024-09-03 22:09:09 +02:00 · 2024-09-03 22:09:09 +02:00 · a20c833796
commit a20c833796
parent b33e45ff35
3 changed files with 34 additions and 9 deletions
--- a/BIN
+++ b/BIN
--- a/tinyparser.c
+++ b/tinyparser.c
@ -44,7 +44,7 @@ int parse_header(char *offset, int len) {
    char *cursor_lim = offset+len;

    // header title
-    char *htitle_lim = strchr(offset, ':');
+    char *htitle_lim = strchr(cursor, ':');
    if (!htitle_lim) {
        return -1;
    }
@ -62,8 +62,17 @@ int parse_header(char *offset, int len) {
    cursor += diff;

    // white space and seperators 
-    while (*cursor == ':' || *cursor == ' ') {
+_loop: 
+    if (cursor > cursor_lim) {
+        return -1;
+    }
+    if (*cursor == ':') {
        cursor++; 
+        goto _loop; 
+    }
+    if (*cursor == ' ') {
+        cursor++;
+        goto _loop;
    }

    // header value
@ -86,6 +95,9 @@ int parse_title(char *offset, int len) {
    if (!method_lim) {
        return -1;
    }
+    if (method_lim > cursor_lim) {
+        return -1;
+    }

    diff = method_lim-cursor;
    ret = streencmp(method_tree, cursor, diff);
@ -97,8 +109,13 @@ int parse_title(char *offset, int len) {
    cursor += diff;

    // white space 
-    while (*cursor == ' ') {
+_loop1: 
+    if (cursor > cursor_lim) {
+        return -1;
+    }
+    if (*cursor == ' ') {
        cursor++;
+        goto _loop1;
    }

    // uri 
@ -106,6 +123,9 @@ int parse_title(char *offset, int len) {
    if (!uri_lim) {
        return -1;
    }
+    if (uri_lim > cursor_lim) {
+        return -1;
+    }

    diff = uri_lim-cursor;
    uri = cursor;
@ -114,8 +134,13 @@ int parse_title(char *offset, int len) {
    cursor += diff;
    
    // white space 
-    while (*cursor == ' ') {
+_loop2:
+    if (cursor > cursor_lim) {
+        return -1;
+    }
+    if (*cursor == ' ') {
        cursor++;
+        goto _loop2;
    }

    // ver
@ -160,9 +185,9 @@ int parse_request(char *buffer) {

 void debug_stats(void) {
    fprintf(stderr, "\tstats:\n"
-                    "\t\tmethod: %d\n"
-                    "\t\turi   : %.*s\n"
-                    "\t\tver   : %.*s\n",
+                    "\t\tmethod\t: %d\n"
+                    "\t\turi\t: %.*s\n"
+                    "\t\tver\t: %.*s\n",
                    method, uri_len, uri, ver_len, ver
            );

@ -173,7 +198,7 @@ void debug_stats(void) {
            continue;
        }

-        fprintf(stdout, "\t\t%d: %.*s\n", i, pnt->len, pnt->er);
+        fprintf(stdout, "\t\t%d\t: %.*s\n", i, pnt->len, pnt->er);
    }
 }