X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=http_api.c;h=999826dfa7af7a6c89bc8bf72e27519ef1d0063c;hp=eec41daa0d7068d964cc26ab7377e15dc6b78fba;hb=eccb12ef12282dbe2ffc47b61d5e62e02fcb071c;hpb=c04184b2188a60efed4753d7eef7f3952aed9cef

diff --git a/http_api.c b/http_api.c
index eec41da..999826d 100644
--- a/http_api.c
+++ b/http_api.c
@@ -22,6 +22,7 @@
 
 #include "SAPI.h"
 #include "ext/standard/url.h"
+#include "ext/standard/head.h"
 
 #include "php_http.h"
 #include "php_http_std_defs.h"
@@ -220,7 +221,7 @@ STATUS _http_exit_ex(int status, char *header, char *body, zend_bool send_header
 		}
 	}
 	
-	if (body) {
+	if (php_header(TSRMLS_C) && body) {
 		PHPWRITE(body, strlen(body));
 	}
 	
@@ -228,6 +229,8 @@ STATUS _http_exit_ex(int status, char *header, char *body, zend_bool send_header
 	{
 		case 301:	http_log(HTTP_G(log).redirect, "301-REDIRECT", header);			break;
 		case 302:	http_log(HTTP_G(log).redirect, "302-REDIRECT", header);			break;
+		case 303:	http_log(HTTP_G(log).redirect, "303-REDIRECT", header);			break;
+		case 307:	http_log(HTTP_G(log).redirect, "307-REDIRECT", header);			break;
 		case 304:	http_log(HTTP_G(log).cache, "304-CACHE", header);				break;
 		case 405:	http_log(HTTP_G(log).allowed_methods, "405-ALLOWED", header);	break;
 		default:	http_log(NULL, header, body);									break;
@@ -295,24 +298,28 @@ PHP_HTTP_API const char *_http_chunked_decode(const char *encoded, size_t encode
 {
 	const char *e_ptr;
 	char *d_ptr;
+	long rest;
 	
 	*decoded_len = 0;
 	*decoded = ecalloc(1, encoded_len);
 	d_ptr = *decoded;
 	e_ptr = encoded;
 
-	while (((e_ptr - encoded) - encoded_len) > 0) {
-		size_t chunk_len = 0, EOL_len = 0;
-		int eol_mismatch = 0;
+	while ((rest = encoded + encoded_len - e_ptr) > 0) {
+		long chunk_len = 0;
+		int EOL_len = 0, eol_mismatch = 0;
 		char *n_ptr;
 
 		chunk_len = strtol(e_ptr, &n_ptr, 16);
 
 		/* check if:
 		 * - we could not read in chunk size
+		 * - we got a negative chunk size
+		 * - chunk size is greater then remaining size
 		 * - chunk size is not followed by (CR)LF|NUL
 		 */
-		if ((n_ptr == e_ptr) || (*n_ptr && (eol_mismatch = n_ptr != http_locate_eol(e_ptr, &EOL_len)))) {
+		if (	(n_ptr == e_ptr) ||	(chunk_len < 0) || (chunk_len > rest) || 
+				(*n_ptr && (eol_mismatch = (n_ptr != http_locate_eol(e_ptr, &EOL_len))))) {
 			/* don't fail on apperently not encoded data */
 			if (e_ptr == encoded) {
 				memcpy(*decoded, encoded, encoded_len);