aboutsummaryrefslogtreecommitdiffstats
path: root/slowcgi.c
diff options
context:
space:
mode:
authorflorian2014-12-05 20:01:39 +0000
committerWynn Wolf Arbor2020-05-24 12:33:55 +0200
commit9fb6e15abb8df81fedafd3327f726eafd09c8f8f (patch)
treea89678d6d7e2121069235002a1ac0cffa0ba53f0 /slowcgi.c
parentf0b64c903b83f5c9b19f89fb83149b825ace59c1 (diff)
downloadslowcgi-9fb6e15abb8df81fedafd3327f726eafd09c8f8f.tar.gz
Bail out if the buffer is too small to contain the length of a parameter value. Found while investigating a dead store pointed out by llvm scan-build.
Diffstat (limited to 'slowcgi.c')
-rw-r--r--slowcgi.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/slowcgi.c b/slowcgi.c
index 3200855..df478c9 100644
--- a/slowcgi.c
+++ b/slowcgi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: slowcgi.c,v 1.39 2014/12/05 19:59:55 florian Exp $ */
+/* $OpenBSD: slowcgi.c,v 1.40 2014/12/05 20:01:39 florian Exp $ */
/*
* Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
* Copyright (c) 2013 Florian Obser <florian@openbsd.org>
@@ -682,8 +682,6 @@ parse_params(uint8_t *buf, uint16_t n, struct request *c, uint16_t id)
return;
}
- name_len = val_len = 0;
-
/*
* If this is the last FastCGI parameter record,
* begin execution of the CGI script.
@@ -723,7 +721,9 @@ parse_params(uint8_t *buf, uint16_t n, struct request *c, uint16_t id)
} else
return;
}
- }
+ } else
+ return;
+
if (n < name_len + val_len)
return;