From 552d2bab317270f5a4a1dfa3bcfedfc9fbde7960 Mon Sep 17 00:00:00 2001
From: Eduardo Silva <edsiper@gmail.com>
Date: Tue, 16 Mar 2010 20:19:03 -0400
Subject: [PATCH] Fix Headers TOC parser, use body length as limit

---
 src/include/request.h |  3 ++-
 src/request.c         | 14 ++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/include/request.h b/src/include/request.h
index ee0593a..763408e 100644
--- a/src/include/request.h
+++ b/src/include/request.h
@@ -286,7 +286,8 @@ int mk_handler_write(int socket, struct client_request *cr);
 
 
 struct header_toc *mk_request_header_toc_create(int len);
-void mk_request_header_toc_parse(struct header_toc *toc, char *data, int len);
+void mk_request_header_toc_parse(struct header_toc *toc, int toc_len,
+                                 char *data, int len);
 
 void mk_request_ka_next(struct client_request *cr);
 #endif
diff --git a/src/request.c b/src/request.c
index aec510c..866da77 100644
--- a/src/request.c
+++ b/src/request.c
@@ -126,7 +126,7 @@ struct request *mk_request_parse(struct client_request *cr)
     }
 
      
-    /* DEBUG BLOCKS 
+    /* DEBUG BLOCKS */
     cr_search = cr->request;
     while(cr_search){
         printf("\n");
@@ -136,7 +136,7 @@ struct request *mk_request_parse(struct client_request *cr)
 
         cr_search = cr_search->next;
     }
-    */
+
 
     /* Checking pipelining connection */
     cr_search = cr->request;
@@ -428,8 +428,10 @@ int mk_request_header_process(struct request *sr)
 
     /* Creating table of content (index) for request headers */
     int toc_len = MK_KNOWN_HEADERS;
+    int headers_len = sr->body.len - (prot_end + mk_crlf.len);
+
     struct header_toc *toc = mk_request_header_toc_create(toc_len);
-    mk_request_header_toc_parse(toc, headers, toc_len);
+    mk_request_header_toc_parse(toc, toc_len, headers, headers_len);
 
     /* Host */
     host = mk_request_header_find(toc, toc_len, headers, mk_rh_host);
@@ -968,13 +970,13 @@ struct header_toc *mk_request_header_toc_create(int len)
     return p;
 }
 
-void mk_request_header_toc_parse(struct header_toc *toc, char *data, int len)
+void mk_request_header_toc_parse(struct header_toc *toc, int toc_len, char *data, int len)
 {
-    char *p, *l;
+    char *p, *l = 0;
     int i;
 
     p = data;
-    for (i = 0; i < len && p; i++) {
+    for (i = 0; i < toc_len && p && l < data + len; i++) {
         l = strstr(p, MK_CRLF);
         if (l) {
             toc[i].init = p;
-- 
2.11.4.GIT