Fix HTTP header parsing iteration conditions

Added macros to define maximum lengths for header names and values. This ensures proper validation and prevents potential buffer overflows.
SeriousSamV · Oct 31, 2024 · a698045 · a698045
1 parent 45a3e9a
commit a698045
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/src/tiny_http/tiny_http_server_lib.c b/src/tiny_http/tiny_http_server_lib.c
@@ -55,7 +55,7 @@ http_request *parse_http_request(const uint8_t *const http_packet, const size_t
     printf("request method: %d", request->method);
 #endif
 
-    for (int iter_cnt = 0; ptr < http_packet_len || iter_cnt < MAX_URL_LENGTH; ptr++, iter_cnt++) {
+    for (int iter_cnt = 0; ptr < http_packet_len && iter_cnt < MAX_URL_LENGTH; ptr++, iter_cnt++) {
         if (http_packet[ptr] == ' ') {
             request->url = strndup((char *) &http_packet[start_uri], ptr - start_uri);
             ptr++;
@@ -106,7 +106,7 @@ http_request *parse_http_request(const uint8_t *const http_packet, const size_t
         http_header *header = calloc(1, sizeof(http_header));
         const size_t header_name_start_ptr = ptr;
         size_t header_name_len = 0;
-        for (int iter_cnt = 0; ptr < http_packet_len || iter_cnt < 8; ptr++, iter_cnt++) {
+        for (int iter_cnt = 0; ptr < http_packet_len && iter_cnt < MAX_HTTP_HEADER_NAME_LENGTH; ptr++, iter_cnt++) {
             if (http_packet[ptr] == ' ') {
                 header_name_len = ptr - header_name_start_ptr;
                 break;
@@ -129,7 +129,7 @@ http_request *parse_http_request(const uint8_t *const http_packet, const size_t
         }
         const size_t header_value_start = ptr;
         size_t header_value_len = 0;
-        for (; ptr < http_packet_len; ptr++) {
+        for (int iter_cnt = 0; ptr < http_packet_len && iter_cnt < MAX_HTTP_HEADER_VALUE_LENGTH; ptr++, iter_cnt++) {
             if (http_packet[ptr] == '\r' && http_packet[ptr + 1] == '\n') {
                 header_value_len = ptr - header_value_start;
                 break;

diff --git a/src/tiny_http/tiny_http_server_lib.h b/src/tiny_http/tiny_http_server_lib.h
@@ -8,6 +8,8 @@
 #include <stddef.h>
 
 #define MAX_URL_LENGTH 8000
+#define MAX_HTTP_HEADER_NAME_LENGTH 8000
+#define MAX_HTTP_HEADER_VALUE_LENGTH 8000
 
 typedef enum http_version {
     HTTP_1_0 = 1,