From 2df2ceacd7f241852efbba3515c9535961e3f64c Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Tue, 17 Feb 2015 14:02:45 +0100
Subject: [PATCH] better error message

---
 php_http_header_parser.c | 15 +++++++++++++--
 tests/header007.phpt     |  2 +-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/php_http_header_parser.c b/php_http_header_parser.c
index fdbac18..cea2dbf 100644
--- a/php_http_header_parser.c
+++ b/php_http_header_parser.c
@@ -104,10 +104,10 @@ static void php_http_header_parser_error(size_t valid_len, char *str, size_t len
 
 	escaped_str = php_addcslashes(str, len, &escaped_len, 0, ZEND_STRL("\x0..\x1F\x7F..\xFF") TSRMLS_CC);
 
-	if (valid_len != len) {
+	if (valid_len != len && (!eol_str || (str+valid_len) != eol_str)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", str[valid_len], valid_len, escaped_len, escaped_str);
 	} else if (eol_str) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected character '\\%03o' at pos %zu of '%.*s'", *eol_str, eol_str - str, escaped_len, escaped_str);
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of line at pos %zu of '%.*s'", eol_str - str, escaped_len, escaped_str);
 	} else {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse headers: unexpected end of input at pos %zu of '%.*s'", len, escaped_len, escaped_str);
 	}
@@ -246,6 +246,17 @@ STATUS php_http_header_parser_parse(php_http_header_parser_t *parser, php_http_b
 			case PHP_HTTP_HEADER_PARSER_STATE_HEADER_DONE:
 				if (parser->_key.str && parser->_val.str) {
 					zval array, **exist;
+					size_t valid_len = strlen(parser->_val.str);
+
+					/* check for truncation */
+					if (valid_len != parser->_val.len) {
+						php_http_header_parser_error(valid_len, parser->_val.str, parser->_val.len, NULL TSRMLS_CC);
+
+						PTR_SET(parser->_key.str, NULL);
+						PTR_SET(parser->_val.str, NULL);
+
+						return php_http_header_parser_state_push(parser, 1, PHP_HTTP_HEADER_PARSER_STATE_FAILURE);
+					}
 
 					if (!headers && callback_func) {
 						callback_func(callback_arg, &headers, NULL TSRMLS_CC);
diff --git a/tests/header007.phpt b/tests/header007.phpt
index d565e79..7fb4dd1 100644
--- a/tests/header007.phpt
+++ b/tests/header007.phpt
@@ -17,5 +17,5 @@ Done
 --EXPECTF--
 Test
 
-Warning: http\Header::parse(): Failed to parse headers: unexpected character '\012' at pos 4 of 'wass\nup' in %s on line %d
+Warning: http\Header::parse(): Failed to parse headers: unexpected end of line at pos 4 of 'wass\nup' in %s on line %d
 Done
-- 
2.30.2