• Alf-André Walla's avatar
    Add bounds-checking to vct_iscrlf and vct_skipcrlf · 177e17c8
    Alf-André Walla authored
    The macros vct_iscrlf() and vct_skipcrlf() may look at one or two bytes
    after its pointer value, causing OOB reads. This would allow
    http1_dissect_hdrs to wrongly see a CRLF when one wasn't there (the last
    LF left over in the bufer from the previous request).
    
    Change the macros to inline functions, and harden them by always sending
    the end pointer so that they can't overflow.
    
    vct_iscrlf() will return an int value of 0 for no [CR]LF, 1 for LF and 2
    for CRLF.
    
    vct_skipcrlf() will return the pointer having been skipped 0, 1 or 2
    bytes.
    177e17c8
vct.h 3.26 KB