• Martin Blix Grydeland's avatar
    Fix buffer overflow in HTC_RxInit on workspace exhaustion · 4bcc1c21
    Martin Blix Grydeland authored
    HTC_RxInit could write a single '\0' NUL character outside of the
    workspace when its called and there is zero bytes left in the
    workspace. This would trigger the workspace canary causing subsequent
    assertion.
    
    Fix by releaving HTC_RxInit of adding the '\0' character.
    
    HTC_RxStuff now returns HTC_S_Overflow early if the available buffer
    space is zero. The '\0' character is inserted just before calling the
    completion check function.
    
    Also fix an off-by-one error on the http_{req|resp}_size calculations,
    where the maximum number of bytes accepted was one less than the
    paramter indicated. c00039.vtc and c00040.vtc has been edited to
    reflect that and to be more expressive about the sizes they generate.
    
    Fixes: #1834
    4bcc1c21
cache_session.c 13.9 KB