From: Omar Polo
Subject: Re: gotweb cfgi buffer length checks
To: Stefan Sperling
Cc: gameoftrees@openbsd.org
Date: Fri, 6 Dec 2024 15:09:34 +0100

On 05/12/24 18:44, Stefan Sperling wrote:
> On Wed, Dec 04, 2024 at 03:40:51PM +0100, Omar Polo wrote:
>> Hello,
>>
>> sorry for the delay!
>>
>> On 02/12/24 18:01, Stefan Sperling wrote:
>>> dump_fcgi_record() gets called for a length that is at least the size
>>> of the header, but the function also processes parts of the body. Add
>>> a length check to skip the body if the buffer is too short.
>>>
>>> ok?
>> Looks fine to me, but what about deferring the call to dump_fcgi_record() in fcgi_parse_record() by a couple of lines? Likewise, the other call can be just changed to dump_fcgi_record_header() since it's called on a just constructed header.
>>
>> I think it's cleaner if dump_fcgi_record() is defined to work only on a fully-read fcgi record.
> Oh, yes, that approach seems better.
>
> Is this ok?

yes, thank you! ok op@
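The ordering discussed in this thread, as an added example that is not gotweb's code and not part of the original message: the parser returns early until the whole record is buffered, and only then calls the dump routine that reads the body. The names `parse_record`, `dump_record`, `dump_header`, `struct rec_hdr` and `sample_record` are hypothetical; the 8-byte header layout is the standard FastCGI one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FCGI_HDR_LEN 8	/* version, type, id(2), content len(2), padding len, reserved */

/* Constructed sample: type 5 record, request id 1, 3 content bytes, 1 padding byte. */
static const uint8_t sample_record[] = { 1, 5, 0, 1, 0, 3, 1, 0, 'a', 'b', 'c', 0 };

struct rec_hdr {
	uint8_t  version, type, padding_len;
	uint16_t id, content_len;
};

/* Header-only dump: safe as soon as FCGI_HDR_LEN bytes have been decoded. */
static void
dump_header(const struct rec_hdr *h)
{
	fprintf(stderr, "v%u type=%u id=%u content=%u padding=%u\n",
	    h->version, h->type, h->id, h->content_len, h->padding_len);
}

/* Full dump: reads the body, so it requires a completely buffered record. */
static void
dump_record(const struct rec_hdr *h, const uint8_t *body)
{
	dump_header(h);
	for (size_t i = 0; i < h->content_len; i++)
		fprintf(stderr, "%02x%s", body[i], i + 1 == h->content_len ? "\n" : " ");
}

/* Returns bytes consumed (header + content + padding), or 0 when the
 * buffer does not yet hold the full record and more input is needed. */
size_t
parse_record(const uint8_t *buf, size_t len, struct rec_hdr *h)
{
	if (len < FCGI_HDR_LEN)
		return 0;
	h->version = buf[0];
	h->type = buf[1];
	h->id = (uint16_t)(buf[2] << 8 | buf[3]);
	h->content_len = (uint16_t)(buf[4] << 8 | buf[5]);
	h->padding_len = buf[6];
	size_t total = FCGI_HDR_LEN + (size_t)h->content_len + h->padding_len;
	if (len < total)
		return 0;	/* body incomplete: nothing past the header is read */
	dump_record(h, buf + FCGI_HDR_LEN);	/* deferred until fully read */
	return total;
}
```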