From 7ede369470b639131f4c0183fac068f2244ccc31 Mon Sep 17 00:00:00 2001
From: Lorenz Stechauner
Date: Wed, 3 Jun 2026 00:53:25 +0200
Subject: [PATCH] sock: avoid endless loop in sock_recv_chunk_header (2)
---
 src/lib/sock.c | 22 ++++++++++------------
 src/worker/fastcgi_frame_handler.c | 1 -
 2 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/src/lib/sock.c b/src/lib/sock.c
index 69e0522..bd68fba 100644
--- a/src/lib/sock.c
+++ b/src/lib/sock.c
@@ -414,31 +414,29 @@ long sock_recv_chunk_header(sock *s) {
 return len;
 }
- long ret;
+ long ret1, ret2 = -1;
 size_t len = 0;
- char buf[20];
+ char buf[20], *buf_ptr = buf;
 do {
- if ((ret = sock_recv(s, buf, sizeof(buf) - 1, MSG_PEEK)) <= 0) {
+ if ((ret1 = sock_recv(s, buf_ptr, sizeof(buf) - 1 - (buf_ptr - buf), MSG_PEEK)) <= 0) {
 if (errno == EINTR || errno == EAGAIN) {
 errno = 0;
 continue;
 } else {
 return -1;
 }
- } else if (ret < 2 || ret >= sizeof(buf)) {
- return -1;
 }
- buf[ret] = 0;
+ buf_ptr[ret1] = 0;
- if ((ret = parse_chunk_header(buf, ret, &len)) == -1 && errno == EPROTO)
+ if ((ret2 = parse_chunk_header(buf, (buf_ptr - buf) + ret1, &len)) == -1 && errno == EPROTO)
 return -1;
- } while (ret < 0);
+ if (sock_recv_x(s, buf_ptr, ret1, 0) == -1)
+ return -1;
+ buf_ptr += ret1;
+ } while (ret2 < 0);
- if (sock_recv_x(s, buf, len, 0) == -1)
- return -1;
-
- return ret;
+ return ret2;
 }
 int sock_send_chunk_header(sock *s, unsigned long size) {
diff --git a/src/worker/fastcgi_frame_handler.c b/src/worker/fastcgi_frame_handler.c
index b3ee903..e548c7b 100644
--- a/src/worker/fastcgi_frame_handler.c
+++ b/src/worker/fastcgi_frame_handler.c
@@ -30,7 +30,6 @@ void fastcgi_frame_handler_func(fastcgi_ctx_t *ctx) {
 default:
 // end of request received
 write(ctx->cnx.fd_out, &val, sizeof(val));
- write(ctx->cnx.fd_out, "\r\n", 2);
 fastcgi_close(ctx);
 }
 }
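Review bot: The new `sock_recv_x(s, buf_ptr, ret1, 0)` inside the loop consumes every byte that was peeked rather than only the chunk header, so once `parse_chunk_header` succeeds, any chunk data that arrived with the header (up to 19 bytes) is read off the socket and lost, and the caller's chunk framing no longer lines up with the stream. The removed code consumed only `len` bytes after a successful parse; assuming `len` is still the header length counted from the start of `buf`, the last iteration should consume just the remainder, e.g. `long n = ret2 >= 0 ? (long) len - (buf_ptr - buf) : ret1;`, with `n` used in place of `ret1` in the `sock_recv_x` call and in `buf_ptr += ret1;`. Separately, once 19 bytes have accumulated without a complete header the next `sock_recv` is called with a length of 0 and the function only fails through the `ret1 <= 0` branch, whose outcome then depends on a possibly stale `errno`; an explicit buffer-full check returning -1 before the receive would make that limit deliberate. `parse_chunk_header` and the beginning of `sock_recv_chunk_header` lie outside the hunk, so the meaning of `len` should be confirmed there.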