From: Stefan Sperling <stsp@stsp.name>
Subject: Re: fix math in fcgi_send_response
To: Omar Polo <op@omarpolo.com>
Cc: gameoftrees@openbsd.org
Date: Thu, 31 Jul 2025 11:17:25 +0200

On Wed, Jul 30, 2025 at 11:14:08PM +0200, Omar Polo wrote:
> it can't be hit because we always have buffers that are way smaller than
> FCGI_CONTENT_SIZE (65535), but it should be fixed

Makes sense, ok.

> diff /home/op/w/got
> path + /home/op/w/got
> commit - d7677e54e3e81837bb9206cdd2d4a49c7d108246
> blob - df49986c584e5a1f45a0def6d23843ddbdc8ef91
> file + gotwebd/fcgi.c
> --- gotwebd/fcgi.c
> +++ gotwebd/fcgi.c
> @@ -449,21 +449,23 @@ int
>  fcgi_send_response(struct request *c, int type, const void *data,
>      size_t len)
>  {
> +	size_t		 avail;
> +
>  	if (c->client_status == CLIENT_DISCONNECT)
>  		return -1;
>  
> -	while (len > FCGI_CONTENT_SIZE) {
> -		if (send_response(c, type, data, len) == -1)
> +	while (len > 0) {
> +		avail = len;
> +		if (avail > FCGI_CONTENT_SIZE)
> +			avail = FCGI_CONTENT_SIZE;
> +
> +		if (send_response(c, type, data, avail) == -1)
>  			return -1;
> -
> -		data += FCGI_CONTENT_SIZE;
> -		len -= FCGI_CONTENT_SIZE;
> +		data += avail;
> +		len -= avail;
>  	}
>  
> -	if (len == 0)
> -		return 0;
> -
> -	return send_response(c, type, data, len);
> +	return 0;
>  }
>  
>  int
> 
>