X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=http_encoding_api.c;h=9475a176b86c47cf1ee653c581b1234faeb415af;hp=18823e8950fbd584abfb92c03a987ed7f2b9f3e1;hb=92f5e5a5df0bff3d8076c1f5ed73590b40849501;hpb=74e0f1a3ccce85707e9b09306bbce5f61a08a509

diff --git a/http_encoding_api.c b/http_encoding_api.c
index 18823e8..9475a17 100644
--- a/http_encoding_api.c
+++ b/http_encoding_api.c
@@ -29,13 +29,13 @@
 
 ZEND_EXTERN_MODULE_GLOBALS(http);
 
-static inline int eol_match(char **line, int *EOL_len)
+static inline int eol_match(char **line, int *eol_len)
 {
 	char *ptr = *line;
 	
 	while (0x20 == *ptr) ++ptr;
 
-	if (ptr == http_locate_eol(*line, EOL_len)) {
+	if (ptr == http_locate_eol(*line, eol_len)) {
 		*line = ptr;
 		return 1;
 	} else {
@@ -46,63 +46,69 @@ static inline int eol_match(char **line, int *EOL_len)
 /* {{{ char *http_encoding_dechunk(char *, size_t, char **, size_t *) */
 PHP_HTTP_API const char *_http_encoding_dechunk(const char *encoded, size_t encoded_len, char **decoded, size_t *decoded_len TSRMLS_DC)
 {
-	const char *e_ptr;
-	char *d_ptr;
-	long rest;
+	int eol_len = 0;
+	char *n_ptr = NULL;
+	const char *e_ptr = encoded;
 	
 	*decoded_len = 0;
 	*decoded = ecalloc(1, encoded_len);
-	d_ptr = *decoded;
-	e_ptr = encoded;
-
-	while ((rest = encoded + encoded_len - e_ptr) > 0) {
-		long chunk_len = 0;
-		int EOL_len = 0, eol_mismatch = 0;
-		char *n_ptr;
-
-		chunk_len = strtol(e_ptr, &n_ptr, 16);
-
-		/* check if:
-		 * - we could not read in chunk size
-		 * - we got a negative chunk size
-		 * - chunk size is greater then remaining size
-		 * - chunk size is not followed by (CR)LF|NUL
-		 */
-		if (	(n_ptr == e_ptr) ||	(chunk_len < 0) || (chunk_len > rest) || 
-				(*n_ptr && (eol_mismatch = !eol_match(&n_ptr, &EOL_len)))) {
-			/* don't fail on apperently not encoded data */
+
+	while ((encoded + encoded_len - e_ptr) > 0) {
+		ulong chunk_len = 0, rest;
+
+		chunk_len = strtoul(e_ptr, &n_ptr, 16);
+
+		/* we could not read in chunk size */
+		if (n_ptr == e_ptr) {
+			/*
+			 * if this is the first turn and there doesn't seem to be a chunk
+			 * size at the begining of the body, do not fail on apparently
+			 * not encoded data and return a copy
+			 */
 			if (e_ptr == encoded) {
+				http_error(HE_NOTICE, HTTP_E_ENCODING, "Data does not seem to be chunked encoded");
 				memcpy(*decoded, encoded, encoded_len);
 				*decoded_len = encoded_len;
 				return encoded + encoded_len;
 			} else {
 				efree(*decoded);
-				if (eol_mismatch) {
-					if (EOL_len == 2) {
-						http_error_ex(HE_WARNING, HTTP_E_ENCODING, "Invalid character (expected 0x0D 0x0A; got: 0x%02X 0x%02X)", *n_ptr, *(n_ptr + 1));
-					} else {
-						http_error_ex(HE_WARNING, HTTP_E_ENCODING, "Invalid character (expected 0x0A; got: 0x%02X)", *n_ptr);
-					}
-				} else {
-					char *error = estrndup(n_ptr, strcspn(n_ptr, "\r\n "));
-					http_error_ex(HE_WARNING, HTTP_E_ENCODING, "Invalid chunk size: '%s' at pos %d", error, n_ptr - encoded);
-					efree(error);
-				}
+				http_error_ex(HE_WARNING, HTTP_E_ENCODING, "Expected chunk size at pos %tu of %zu but got trash", n_ptr - encoded, encoded_len);
 				return NULL;
 			}
-		} else {
-			e_ptr = n_ptr;
 		}
-
+		
 		/* reached the end */
 		if (!chunk_len) {
 			break;
 		}
 
-		memcpy(d_ptr, e_ptr += EOL_len, chunk_len);
-		d_ptr += chunk_len;
-		e_ptr += chunk_len + EOL_len;
+		/* there should be CRLF after the chunk size, but we'll ignore SP+ too */
+		if (*n_ptr && !eol_match(&n_ptr, &eol_len)) {
+			if (eol_len == 2) {
+				http_error_ex(HE_WARNING, HTTP_E_ENCODING, "Expected CRLF at pos %tu of %zu but got 0x%02X 0x%02X", n_ptr - encoded, encoded_len, *n_ptr, *(n_ptr + 1));
+			} else {
+				http_error_ex(HE_WARNING, HTTP_E_ENCODING, "Expected LF at pos %tu of %zu but got 0x%02X", n_ptr - encoded, encoded_len, *n_ptr);
+			}
+		}
+		n_ptr += eol_len;
+		
+		/* chunk size pretends more data than we actually got, so it's probably a truncated message */
+		if (chunk_len > (rest = encoded + encoded_len - n_ptr)) {
+			http_error_ex(HE_WARNING, HTTP_E_ENCODING, "Truncated message: chunk size %lu exceeds remaining data size %lu at pos %tu of %zu", chunk_len, rest, n_ptr - encoded, encoded_len);
+			chunk_len = rest;
+		}
+
+		/* copy the chunk */
+		memcpy(*decoded + *decoded_len, n_ptr, chunk_len);
 		*decoded_len += chunk_len;
+		
+		if (chunk_len == rest) {
+			e_ptr = n_ptr + chunk_len;
+			break;
+		} else {
+			/* advance to next chunk */
+			e_ptr = n_ptr + chunk_len + eol_len;
+		}
 	}
 
 	return e_ptr;
@@ -194,7 +200,7 @@ inline size_t http_finish_buffer(size_t buf_len, char **buf_ptr)
 
 inline size_t http_finish_gzencode_buffer(z_stream *Z, const char *data, size_t data_len, char **buf_ptr)
 {
-	unsigned long crc;
+	ulong crc;
 	char *trailer;
 	
 	crc = crc32(0L, Z_NULL, 0);
@@ -262,7 +268,7 @@ inline STATUS http_verify_gzencode_buffer(const char *data, size_t data_len, con
 		if (data_len <= offset) {
 			goto really_bad_gzip_header;
 		} else {
-			unsigned long crc, cmp;
+			ulong crc, cmp;
 			
 			cmp =  (unsigned) ((data[offset-2] & 0xFF));
 			cmp += (unsigned) ((data[offset-1] & 0xFF) << 8);
@@ -299,7 +305,7 @@ really_bad_gzip_header:
 inline STATUS http_verify_gzdecode_buffer(const char *data, size_t data_len, const char *decoded, size_t decoded_len, int error_level TSRMLS_DC)
 {
 	STATUS status = SUCCESS;
-	unsigned long len, cmp, crc;
+	ulong len, cmp, crc;
 	
 	crc = crc32(0L, Z_NULL, 0);
 	crc = crc32(crc, (const Bytef *) decoded, decoded_len);
@@ -514,7 +520,7 @@ PHP_HTTP_API STATUS _http_encoding_stream_init(http_encoding_stream *s, int gzip
 		HTTP_ENCODING_STREAM_ERROR(status, NULL);
 	}
 	
-	if (s->gzip = gzip) {
+	if ((s->gzip = gzip)) {
 		s->crc = crc32(0L, Z_NULL, 0);
 		*encoded_len = sizeof(http_encoding_gzip_header);
 		*encoded = emalloc(*encoded_len);
@@ -598,7 +604,7 @@ PHP_HTTP_API zend_bool _http_encoding_response_start(size_t content_length TSRML
 			if (content_length) {
 				char cl_header_str[128];
 				size_t cl_header_len;
-				cl_header_len = snprintf(cl_header_str, lenof(cl_header_str), "Content-Length: %lu", (unsigned long) content_length);
+				cl_header_len = snprintf(cl_header_str, lenof(cl_header_str), "Content-Length: %zu", content_length);
 				http_send_header_string_ex(cl_header_str, cl_header_len, 1);
 			}
 		} else {
@@ -616,7 +622,7 @@ PHP_HTTP_API zend_bool _http_encoding_response_start(size_t content_length TSRML
 			
 			HTTP_G(send).gzip_encoding = 0;
 			
-			if (selected = http_negotiate_encoding(&zsupported)) {
+			if ((selected = http_negotiate_encoding(&zsupported))) {
 				STATUS hs = FAILURE;
 				char *encoding = NULL;
 				ulong idx;