From 4b81cf0c2c62d3591750037a8260b7e074d687c0 Mon Sep 17 00:00:00 2001
From: cathugger
Date: Wed, 5 Jun 2019 00:49:15 +0300
Subject: [PATCH] output/httpd: use strncmp instead of memcmp
memcmp use may result in out of bounds access
---
 src/output/plugins/httpd/HttpdClient.cxx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/output/plugins/httpd/HttpdClient.cxx b/src/output/plugins/httpd/HttpdClient.cxx
index 27e1320d4..3de895092 100644
--- a/src/output/plugins/httpd/HttpdClient.cxx
+++ b/src/output/plugins/httpd/HttpdClient.cxx
@@ -71,10 +71,10 @@ HttpdClient::HandleLine(const char *line) noexcept
 assert(state != State::RESPONSE);
 if (state == State::REQUEST) {
- if (memcmp(line, "HEAD /", 6) == 0) {
+ if (strncmp(line, "HEAD /", 6) == 0) {
 line += 6;
 head_method = true;
- } else if (memcmp(line, "GET /", 5) == 0) {
+ } else if (strncmp(line, "GET /", 5) == 0) {
 line += 5;
 } else {
 /* only GET is supported */
@@ -84,7 +84,7 @@ HttpdClient::HandleLine(const char *line) noexcept
 }
 line = strchr(line, ' ');
- if (line == nullptr || memcmp(line + 1, "HTTP/", 5) != 0) {
+ if (line == nullptr || strncmp(line + 1, "HTTP/", 5) != 0) {
 /* HTTP/0.9 without request headers */
 if (head_method)
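Review bot: The three `strncmp` calls (the two prefix checks in the first hunk and the `"HTTP/"` check in the second) are only bounded if `line` is NUL-terminated, and nothing in the visible lines states that contract; HandleLine's body starts and ends outside both hunks, so the caller's guarantee cannot be confirmed from here. A comment at the top of the `State::REQUEST` branch would record it, e.g. `/* line is NUL-terminated by the caller; strncmp() stops at the terminator, so a request shorter than the prefix is not over-read */`. The hand-counted lengths `6` and `5` must also stay in step with both the literal and the following `line += N`, so deriving them from the literal (`sizeof("HEAD /") - 1`) would remove that coupling. A regression test that feeds a request line shorter than the prefix, such as a bare `GET`, would pin the fix.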