Skip to content

Commit

Permalink
Fix http_parser.nread off-by-one accounting error.
Browse files Browse the repository at this point in the history
Fixes: nodejs#426
PR-URL: nodejs#427
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
  • Loading branch information
bnoordhuis committed May 30, 2018
1 parent a1e0c3a commit a7c2e86
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 4 deletions.
9 changes: 5 additions & 4 deletions http_parser.c
Original file line number Diff line number Diff line change
Expand Up @@ -1339,13 +1339,14 @@ size_t http_parser_execute (http_parser *parser,
}
}

COUNT_HEADER_SIZE(p - start);

if (p == data + len) {
--p;
COUNT_HEADER_SIZE(p - start);
break;
}

COUNT_HEADER_SIZE(p - start);

if (ch == ':') {
UPDATE_STATE(s_header_value_discard_ws);
CALLBACK_DATA(header_field);
Expand Down Expand Up @@ -1634,10 +1635,10 @@ size_t http_parser_execute (http_parser *parser,
}
parser->header_state = h_state;

COUNT_HEADER_SIZE(p - start);

if (p == data + len)
--p;

COUNT_HEADER_SIZE(p - start);
break;
}

Expand Down
17 changes: 17 additions & 0 deletions test.c
Original file line number Diff line number Diff line change
Expand Up @@ -3388,8 +3388,17 @@ test_message (const struct message *message)
size_t msg2len = raw_len - msg1len;

if (msg1len) {
assert(num_messages == 0);
messages[0].headers_complete_cb_called = FALSE;

read = parse(msg1, msg1len);

if (!messages[0].headers_complete_cb_called && parser.nread != read) {
assert(parser.nread == read);
print_error(msg1, read);
abort();
}

if (message->upgrade && parser.upgrade && num_messages > 0) {
messages[num_messages - 1].upgrade = msg1 + read;
goto test;
Expand Down Expand Up @@ -3898,8 +3907,16 @@ test_scan (const struct message *r1, const struct message *r2, const struct mess
strlncpy(buf3, sizeof(buf1), total+j, buf3_len);
buf3[buf3_len] = 0;

assert(num_messages == 0);
messages[0].headers_complete_cb_called = FALSE;

read = parse(buf1, buf1_len);

if (!messages[0].headers_complete_cb_called && parser.nread != read) {
print_error(buf1, read);
goto error;
}

if (parser.upgrade) goto test;

if (read != buf1_len) {
Expand Down

0 comments on commit a7c2e86

Please sign in to comment.