W3C home > Mailing lists > Public > www-lib@w3.org > January to March 2001

Re: one more bug in HTTChunk.c

From: Karl-Otto Linn <linn@informatik.fh-wiesbaden.de>
Date: Mon, 26 Mar 2001 22:11:08 +0200
Message-ID: <3ABFA25C.2D7C0F7C@informatik.fh-wiesbaden.de>
To: Jens Meggers <jens.meggers@firepad.com>
CC: "'www-lib@w3.org'" <www-lib@w3.org>
Hi Jens,
I have done your modifications in my version of libwww too. I have additionally added (for win32)
an "_ASSERT (me)" at the beginning and I have limited the length of line (to 70 char).
Karl-Otto


PRIVATE BOOL HTChunkDecode_header (HTStream * me) 
{
    char * line;
	_ASSERT( me );  //linn
	line = HTChunk_data(me->buf);
    if (line) {
		char *errstr = NULL;
		me->left = strtol(line, &errstr, 16);    /* hex! */
		HTTRACE(STREAM_TRACE, "Chunked..... `%s\' chunk size: %X\n" _ line _ me->left);
		if (errstr == line) {
//			HTDEBUGBREAK("Chunk decoder received illigal chunk size: `%s\'\n" _ line);
			printf("Chunk decoder received illegal chunk size: %.70s\n",line); //linn
			return NO;
		}


Jens Meggers wrote:
> 
> Hi,
> 
> sorry for bombing you with bug reports, but there is an additional bug in
> HTTChunk.c. In the procedure HTChunkDecode_header(), there is a user
> breakpoint for the case the chunk length is not present in a line where it
> is expected. I understand that a bug in a web server may cause such problem.
> In order to graceful recover from such a request, the function should return
> an error code in
> 
>                 if (errstr == line) {
>                     HTDEBUGBREAK("Chunk decoder received illigal chunk size:
> `%s\'\n" _ line);
>                         return NO;
>                 }
> 
> The original version just continues, and returns a zero, causing the chunk
> decoder to screw up. I just added the "return NO" code.
> 
> Regards,
> 
> Jens
> 
> /*
> **      Chunked Decoder stream
> */
> PRIVATE BOOL HTChunkDecode_header (HTStream * me)
> {
>     char * line = HTChunk_data(me->buf);
>     if (line) {
> 
>                 char *errstr = NULL;
>                 me->left = strtol(line, &errstr, 16);    /* hex! */
>                 HTTRACE(STREAM_TRACE, "Chunked..... `%s\' chunk size: %X\n"
> _ line _ me->left);
> 
>                 if (errstr == line) {
>                     HTDEBUGBREAK("Chunk decoder received illigal chunk size:
> `%s\'\n" _ line);
>                         return NO;
>                 }
> 
>                 if (me->left > 0) {
>                     me->total += me->left;
> 
>                     /* Look for arguments */
> 
>                     HTChunk_clear(me->buf);
> 
>                 } else if (me->left == 0)                             /*
> Last chunk */
> 
>                     me->lastchunk = YES;
> 
>                 else if (me->left < 0)
> 
>                     return NO;
> 
>                 return YES;
>     }
> 
>     return NO;
> }
Received on Tuesday, 27 March 2001 12:01:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:39 GMT