From 9fb6e15abb8df81fedafd3327f726eafd09c8f8f Mon Sep 17 00:00:00 2001
From: florian
Date: Fri, 5 Dec 2014 20:01:39 +0000
Subject: Bail out if the buffer is too small to contain the length of a parameter value. Found while investigating a dead store pointed out by llvm scan-build.
---
 slowcgi.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/slowcgi.c b/slowcgi.c
index 3200855..df478c9 100644
--- a/slowcgi.c
+++ b/slowcgi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: slowcgi.c,v 1.39 2014/12/05 19:59:55 florian Exp $ */
+/* $OpenBSD: slowcgi.c,v 1.40 2014/12/05 20:01:39 florian Exp $ */
 /*
 * Copyright (c) 2013 David Gwynne
 * Copyright (c) 2013 Florian Obser
@@ -682,8 +682,6 @@ parse_params(uint8_t *buf, uint16_t n, struct request *c, uint16_t id)
 return;
 }

- name_len = val_len = 0;
-
 /*
 * If this is the last FastCGI parameter record,
 * begin execution of the CGI script.
@@ -723,7 +721,9 @@ parse_params(uint8_t *buf, uint16_t n, struct request *c, uint16_t id)
 } else
 return;
 }
- }
+ } else
+ return;
+
 if (n < name_len + val_len)
 return;

-- 
cgit v1.2.3-2-gb3c3
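Review bot: The `} else return;` added in the third hunk appears to be what now keeps `val_len` from reaching `if (n < name_len + val_len)` without a value for the current record, since the second hunk drops the `name_len = val_len = 0;` store, and it discards a truncated record without saying why. A one-line comment on that branch would record the intent, e.g. `/* no bytes left for the value length: truncated record */`. The declarations of `name_len` and `val_len` and the code that decodes them are outside the hunk, so whether `name_len + val_len` can wrap is not visible here; writing the check as `if (n < name_len || n - name_len < val_len)` would not depend on it. parse_params begins and ends outside the hunk.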