mirror
/
darkhttpd
mirror of https://github.com/emikulic/darkhttpd.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Avoid file size overflow on 32-bit systems. 

Reported by: Mariusz Stokłosa <krokator@gmail.com>
This commit is contained in:
Emil Mikulic 2020-07-01 22:07:12 +10:00
parent d777aacd98
commit 6a82e67772
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
darkhttpd.c
View File

@ -2370,6 +2370,10 @@ static ssize_t send_from_file(const int s, const int fd,
static void poll_send_reply(struct connection *conn)
{
ssize_t sent;
/* off_t can be wider than size_t, avoid overflow in send_len */
const size_t max_size_t = ~((size_t)0);
off_t send_len = conn->reply_length - conn->reply_sent;
if (send_len > max_size_t) send_len = max_size_t;
assert(conn->state == SEND_REPLY);
assert(!conn->header_only);
@ -2377,14 +2381,13 @@ static void poll_send_reply(struct connection *conn)
assert(conn->reply_length >= conn->reply_sent);
sent = send(conn->socket,
conn->reply + conn->reply_start + conn->reply_sent,
(size_t)(conn->reply_length - conn->reply_sent), 0);
(size_t)send_len, 0);
}
else {
errno = 0;
assert(conn->reply_length >= conn->reply_sent);
sent = send_from_file(conn->socket, conn->reply_fd,
conn->reply_start + conn->reply_sent,
(size_t)(conn->reply_length - conn->reply_sent));
conn->reply_start + conn->reply_sent, (size_t)send_len);
if (debug && (sent < 1))
printf("send_from_file returned %lld (errno=%d %s)\n",
(long long)sent, errno, strerror(errno));