From 01f9debec31c8696d324db3d1b6a092a4e853077 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Thu, 19 Apr 2012 13:02:06 +0000 Subject: [PATCH] Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2830 152afb58-edef-0310-8abb-c4023f1b3aa9 --- NEWS | 1 + src/request.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 4c8a16ed..6bbeab14 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,7 @@ NEWS * [mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response * disable mmap by default (fixes #2391) * buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405) + * Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413) - 1.4.30 - 2011-12-18 * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331) diff --git a/src/request.c b/src/request.c index a48bf48d..e76a98fb 100644 --- a/src/request.c +++ b/src/request.c @@ -241,9 +241,11 @@ static int http_request_split_value(array *vals, buffer *b) { start = s; for (; *s != ',' && i < b->used - 1; i++, s++); + if (start == s) break; /* empty fields are skipped */ end = s - 1; - for (; (*end == ' ' || *end == '\t') && end > start; end--); + for (; end > start && (*end == ' ' || *end == '\t'); end--); + if (start == end) break; /* empty fields are skipped */ if (NULL == (ds = (data_string *)array_get_unused_element(vals, TYPE_STRING))) { ds = data_string_init();