From 558c2abd3efb050f6f717e6238c4b532bdfeb387 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Sat, 11 May 2019 10:41:14 +0100
Subject: [PATCH] Kill MAX_BUF_LEN
There's no real point in having a hard limit for struct oc_text_buf, the whole point of which is that it is dynamically allocated. Just guard against the int buf_len overflowing. In process_http_response() the hard-coded buf[] array is only used for headers one line at a time now, so 8KiB should suffice.
Fixes: #39
Signed-off-by: David Woodhouse
---
 http.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/http.c b/http.c
index fa3279b1..fa85c496 100644
--- a/http.c
+++ b/http.c
@@ -33,7 +33,6 @@
 static int proxy_write(struct openconnect_info *vpninfo, char *buf, size_t len);
 static int proxy_read(struct openconnect_info *vpninfo, char *buf, size_t len);
-#define MAX_BUF_LEN 131072
 #define BUF_CHUNK_SIZE 4096
 struct oc_text_buf *buf_alloc(void)
@@ -89,14 +88,14 @@ void buf_truncate(struct oc_text_buf *buf)
 int buf_ensure_space(struct oc_text_buf *buf, int len)
 {
- int new_buf_len;
+ unsigned int new_buf_len;
 new_buf_len = (buf->pos + len + BUF_CHUNK_SIZE - 1) & ~(BUF_CHUNK_SIZE - 1);
 if (new_buf_len <= buf->buf_len)
 return 0;
- if (new_buf_len > MAX_BUF_LEN) {
+ if (new_buf_len > INT_MAX) {
 buf->error = -E2BIG;
 return buf->error;
 } else {
@@ -371,7 +370,7 @@ int process_http_response(struct openconnect_info *vpninfo, int connect,
 int (*header_cb)(struct openconnect_info *, char *, char *),
 struct oc_text_buf *body)
 {
- char buf[MAX_BUF_LEN];
+ char buf[8192];
 int bodylen = BODY_HTTP10;
 int closeconn = 0;
 int result;
--
2.49.0
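Review bot: In buf_ensure_space the sum `buf->pos + len + BUF_CHUNK_SIZE - 1` is still evaluated in `int` (len is an int parameter, and buf->pos is presumably int like buf_len), so it can overflow before the result is converted to the new `unsigned int`. Signed overflow is undefined behaviour, not a wrap that `new_buf_len > INT_MAX` is guaranteed to observe. With MAX_BUF_LEN gone this test is the only bound on growth, so I would reject the request before the arithmetic, for example `if (len < 0 || buf->pos > INT_MAX - BUF_CHUNK_SIZE - len)` taking the existing `-E2BIG` path. INT_MAX also needs `<limits.h>`, which this patch does not show being included. The function body continues past the end of the hunk.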
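Review bot: The new `char buf[8192];` in process_http_response is a bare literal whose reasoning lives only in the commit message; a named constant with a comment such as `/* holds one response header line at a time */` would keep it next to the code. Header lines come from the server, so it is worth confirming that the reads into buf outside this hunk are bounded by `sizeof(buf)`. It is also worth confirming that a line longer than the buffer is rejected rather than split into two headers. The function body starts and continues outside the hunk.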