oysteikt/mpd
0
0
Fork 0
Code Issues Pull Requests Releases Activity

output/httpd: use strncmp instead of memcmp

Browse Source 
memcmp use may result in out of bounds access
This commit is contained in:
cathugger 2019-06-05 00:49:15 +03:00 committed by Max Kellermann
parent e7acbf112c
commit 4b81cf0c2c
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/output/plugins/httpd/HttpdClient.cxx
View File

@ -71,10 +71,10 @@ HttpdClient::HandleLine(const char *line) noexcept
assert(state != State::RESPONSE);
if (state == State::REQUEST) {
if (memcmp(line, "HEAD /", 6) == 0) {
if (strncmp(line, "HEAD /", 6) == 0) {
line += 6;
head_method = true;
} else if (memcmp(line, "GET /", 5) == 0) {
} else if (strncmp(line, "GET /", 5) == 0) {
line += 5;
} else {
/* only GET is supported */
@ -84,7 +84,7 @@ HttpdClient::HandleLine(const char *line) noexcept
}
line = strchr(line, ' ');
if (line == nullptr || memcmp(line + 1, "HTTP/", 5) != 0) {
if (line == nullptr || strncmp(line + 1, "HTTP/", 5) != 0) {
/* HTTP/0.9 without request headers */
if (head_method)