From 93c754359d9a52a1e848f1c2ad9603a0c04bf1d7 Mon Sep 17 00:00:00 2001
From: Nakidai <nakidai@disroot.org>
Date: Sun, 15 Dec 2024 00:12:54 +0300
Subject: Add bound checking for LibHTTPC_loadRequest

I realized that you don't need to pass buf_len as buf is a c-string.

Anyway, that is bound checking and it should work.
---
 src/request.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src')

diff --git a/src/request.c b/src/request.c
index 644cd4b..a0e1358 100644
--- a/src/request.c
+++ b/src/request.c
@@ -9,6 +9,7 @@ struct LibHTTPC_Request *LibHTTPC_loadRequest(struct LibHTTPC_Request *request_b
 {
     char *next;
     int selfmalloc = 0;
+    char *buf_end = strchr(buf, '\0');
 
     if (!buf)
         return NULL;
@@ -50,6 +51,8 @@ struct LibHTTPC_Request *LibHTTPC_loadRequest(struct LibHTTPC_Request *request_b
     if (!next)
         return NULL;
     *next++ = '\0';
+    if (next > buf_end)
+        return NULL;
 
     for (size_t i = 0; (next = strstr(next, "\r\n")); ++next, ++i)
     {
@@ -57,6 +60,8 @@ struct LibHTTPC_Request *LibHTTPC_loadRequest(struct LibHTTPC_Request *request_b
             return NULL;
         *next = '\0';
         next += 2;
+        if (next > buf_end)
+            return NULL;
 
         if (strstr(next, "\r\n") == next)
             break;
@@ -78,6 +83,8 @@ struct LibHTTPC_Request *LibHTTPC_loadRequest(struct LibHTTPC_Request *request_b
             if (!next)
                 return NULL;
             *next++ = '\0';
+            if (next > buf_end)
+                return NULL;
             request_buf->headers[i].value = next;
         }
     }
-- 
cgit 1.4.1