Fix infi loop when buffer ends with \r (fhessel#123) (#3)

gb-123-git · Nov 1, 2023 · bad7d1c · bad7d1c
1 parent cf4fad1
commit bad7d1c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 18 deletions.
diff --git a/src/HTTPConnection.cpp b/src/HTTPConnection.cpp
@@ -290,26 +290,26 @@ void HTTPConnection::raiseError(uint16_t code, std::string reason) {
 void HTTPConnection::readLine(int lengthLimit) {
   while(_bufferProcessed < _bufferUnusedIdx) {
     char newChar = _receiveBuffer[_bufferProcessed];
-
-    if ( newChar == '\r') {
-      // Look ahead for \n (if not possible, wait for next round
-      if (_bufferProcessed+1 < _bufferUnusedIdx) {
-        if (_receiveBuffer[_bufferProcessed+1] == '\n') {
-          _bufferProcessed += 2;
-          _parserLine.parsingFinished = true;
-          return;
-        } else {
-          // Line has not been terminated by \r\n
-          HTTPS_LOGW("Line without \\r\\n (got only \\r). FID=%d", _socket);
-          raiseError(400, "Bad Request");
-          return;
-        }
+    _bufferProcessed++;
+    if ( partialTerminationParsed ){
+      partialTerminationParsed = false;
+      if (newChar == '\n') {
+        _parserLine.parsingFinished = true;
+      } 
+      else {
+        // Line has not been terminated by \r\n
+        HTTPS_LOGW("Line without \\r\\n (got only \\r). FID=%d", _socket);
+        raiseError(400, "Bad Request");
       }
-    } else {
+      return;
+    } 
+    if ( newChar == '\r') {
+      partialTerminationParsed = true;
+    } 
+    else {
       _parserLine.text += newChar;
-      _bufferProcessed += 1;
     }
-
+    
     // Check that the max request string size is not exceeded
     if (_parserLine.text.length() > lengthLimit) {
       HTTPS_LOGW("Header length exceeded. FID=%d", _socket);

diff --git a/src/HTTPConnection.hpp b/src/HTTPConnection.hpp
@@ -132,7 +132,9 @@ class HTTPConnection : private ConnectionContext {
   int _bufferProcessed;
   // The index on the receive_buffer that is the first one which is empty at the end.
   int _bufferUnusedIdx;
-
+  // If \r character has been read, in this case we expect \n to terminate the line
+  bool partialTerminationParsed = false;
+
   // Socket address, length etc for the connection
   struct sockaddr _sockAddr;
   socklen_t _addrLen;