X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=http_message_api.c;h=d175201913996af652c287015b218d1de52c1842;hp=675cb48fec0edac06bc5103dbaa23110a00e1147;hb=3f048c60b3f3b8151eb86121eed8c9b8927c55dc;hpb=e83a7438dc70ed96630887246a1d3aefcf155b1c diff --git a/http_message_api.c b/http_message_api.c index 675cb48..d175201 100644 --- a/http_message_api.c +++ b/http_message_api.c @@ -147,6 +147,7 @@ PHP_HTTP_API http_message *_http_message_parse_ex(http_message *msg, const char if (body = http_locate_body(message)) { zval *c; const char *continue_at = NULL; + size_t remaining = message + message_length - body; /* message has chunked transfer encoding */ if ((c = http_message_header(msg, "Transfer-Encoding")) && (!strcasecmp("chunked", Z_STRVAL_P(c)))) { @@ -159,7 +160,7 @@ PHP_HTTP_API http_message *_http_message_parse_ex(http_message *msg, const char char *tmp; int tmp_len; - tmp_len = (int) spprintf(&tmp, 0, "%lu", (ulong) decoded_len); + tmp_len = (int) spprintf(&tmp, 0, "%zu", decoded_len); MAKE_STD_ZVAL(len); ZVAL_STRINGL(len, tmp, tmp_len, 0); @@ -174,16 +175,21 @@ PHP_HTTP_API http_message *_http_message_parse_ex(http_message *msg, const char /* message has content-length header */ if (c = http_message_header(msg, "Content-Length")) { - long len = atol(Z_STRVAL_P(c)); + ulong len = strtoul(Z_STRVAL_P(c), NULL, 10); + if (len > remaining) { + http_error_ex(HE_NOTICE, HTTP_E_MALFORMED_HEADERS, "The Content-Length header pretends a larger body than actually received (expected %lu bytes; got %lu bytes)", len, remaining); + len = remaining; + } phpstr_from_string_ex(PHPSTR(msg), body, len); continue_at = body + len; } else /* message has content-range header */ if (c = http_message_header(msg, "Content-Range")) { - ulong total = 0, start = 0, end = 0; + ulong total = 0, start = 0, end = 0, len = 0; - if (!strncasecmp(Z_STRVAL_P(c), "bytes=", lenof("bytes="))) { + if (!strncasecmp(Z_STRVAL_P(c), "bytes", lenof("bytes")) && + (Z_STRVAL_P(c)[lenof("bytes")] == '=' || Z_STRVAL_P(c)[lenof("bytes")] == ' ')) { char *total_at = NULL, *end_at = NULL; char *start_at = Z_STRVAL_P(c) + lenof("bytes="); @@ -193,10 +199,13 @@ PHP_HTTP_API http_message *_http_message_parse_ex(http_message *msg, const char if (total_at && strncmp(total_at + 1, "*", 1)) { total = strtoul(total_at + 1, NULL, 10); } - + if ((len = (end + 1 - start)) > remaining) { + http_error_ex(HE_NOTICE, HTTP_E_MALFORMED_HEADERS, "The Content-Range header pretends a larger body than actually received (expected %lu bytes; got %lu bytes)", len, remaining); + len = remaining; + } if (end >= start && (!total || end < total)) { - phpstr_from_string_ex(PHPSTR(msg), body, (size_t) (end + 1 - start)); - continue_at = body + (end + 1 - start); + phpstr_from_string_ex(PHPSTR(msg), body, len); + continue_at = body + len; } } } @@ -208,7 +217,7 @@ PHP_HTTP_API http_message *_http_message_parse_ex(http_message *msg, const char /* no headers that indicate content length */ if (HTTP_MSG_TYPE(RESPONSE, msg)) { - phpstr_from_string_ex(PHPSTR(msg), body, message + message_length - body); + phpstr_from_string_ex(PHPSTR(msg), body, remaining); } else { continue_at = body; } @@ -218,14 +227,14 @@ PHP_HTTP_API http_message *_http_message_parse_ex(http_message *msg, const char if (c = http_message_header(msg, "Content-Encoding")) { char *decoded = NULL; size_t decoded_len = 0; -# ifdef HAVE_ZLIB +# if defined(HAVE_ZLIB) && !defined(HTTP_HAVE_ZLIB) zval func, retval, arg, *args[1]; INIT_PZVAL(&func); INIT_PZVAL(&retval); INIT_PZVAL(&arg); ZVAL_STRINGL(&func, "gzinflate", lenof("gzinflate"), 0); args[0] = &arg; -# endif /* HAVE_ZLIB */ +# endif /* HAVE_ZLIB && !HTTP_HAVE_ZLIB */ # define DECODE_WITH_EXT_ZLIB() \ if (SUCCESS == call_user_function(EG(function_table), NULL, &func, &retval, 1, args TSRMLS_CC)) { \ @@ -251,12 +260,12 @@ PHP_HTTP_API http_message *_http_message_parse_ex(http_message *msg, const char # endif /* HTTP_HAVE_ZLIB */ } - if (decoded && decoded_len) { + if (decoded) { zval *len; char *tmp; int tmp_len; - tmp_len = (int) spprintf(&tmp, 0, "%lu", (ulong) decoded_len); + tmp_len = (int) spprintf(&tmp, 0, "%zu", decoded_len); MAKE_STD_ZVAL(len); ZVAL_STRINGL(len, tmp, tmp_len, 0); @@ -297,6 +306,7 @@ PHP_HTTP_API void _http_message_tostring(http_message *msg, char **string, size_ char *key, *data; ulong idx; zval **header; + HashPosition pos1; phpstr_init_ex(&str, 4096, 0); @@ -322,7 +332,7 @@ PHP_HTTP_API void _http_message_tostring(http_message *msg, char **string, size_ break; } - FOREACH_HASH_KEYVAL(&msg->hdrs, key, idx, header) { + FOREACH_HASH_KEYVAL(pos1, &msg->hdrs, key, idx, header) { if (key) { zval **single_header; @@ -333,9 +343,12 @@ PHP_HTTP_API void _http_message_tostring(http_message *msg, char **string, size_ break; case IS_ARRAY: - FOREACH_VAL(*header, single_header) { + { + HashPosition pos2; + FOREACH_VAL(pos2, *header, single_header) { phpstr_appendf(&str, "%s: %s" HTTP_CRLF, key, Z_STRVAL_PP(single_header)); } + } break; } @@ -435,14 +448,16 @@ PHP_HTTP_API STATUS _http_message_send(http_message *message TSRMLS_DC) char *key; ulong idx; zval **val; + HashPosition pos1; - FOREACH_HASH_KEYVAL(&message->hdrs, key, idx, val) { + FOREACH_HASH_KEYVAL(pos1, &message->hdrs, key, idx, val) { if (key) { if (Z_TYPE_PP(val) == IS_ARRAY) { zend_bool first = 1; zval **data; + HashPosition pos2; - FOREACH_VAL(*val, data) { + FOREACH_VAL(pos2, *val, data) { http_send_header_ex(key, strlen(key), Z_STRVAL_PP(data), Z_STRLEN_PP(data), first, NULL); first = 0; }