@@ -120,10 +120,14 @@ static int RecvHttp(int fd, byte* buf, int bufSz)
120120 headerEnd = (int )(hdrEnd - (char * )buf ) + 4 ;
121121 cl = strstr ((char * )buf , "Content-Length:" );
122122 if (!cl ) cl = strstr ((char * )buf , "content-length:" );
123- if (cl ) contentLen = atoi (cl + 15 );
123+ if (cl ) {
124+ long val = strtol (cl + 15 , NULL , 10 );
125+ if (val > 0 && val < bufSz )
126+ contentLen = (int )val ;
127+ }
124128 }
125129 }
126- if (headerEnd && total >= headerEnd + contentLen )
130+ if (headerEnd && contentLen > 0 && total >= headerEnd + contentLen )
127131 break ;
128132 }
129133 return total ;
@@ -150,10 +154,15 @@ static int ParsePost(const byte* http, int httpSz,
150154
151155 cl = strstr (hdr , "Content-Length:" );
152156 if (!cl ) cl = strstr (hdr , "content-length:" );
153- if (cl )
154- * bodySz = atoi (cl + 15 );
155- else
157+ if (cl ) {
158+ long val = strtol (cl + 15 , NULL , 10 );
159+ if (val <= 0 || val > httpSz - offset )
160+ return -1 ;
161+ * bodySz = (int )val ;
162+ }
163+ else {
156164 * bodySz = httpSz - offset ;
165+ }
157166
158167 if (offset + * bodySz > httpSz )
159168 return -1 ;
@@ -162,6 +171,19 @@ static int ParsePost(const byte* http, int httpSz,
162171 return 0 ;
163172}
164173
174+ static int SendAll (int fd , const void * data , int sz )
175+ {
176+ const byte * p = (const byte * )data ;
177+ int remaining = sz ;
178+ while (remaining > 0 ) {
179+ int n = (int )send (fd , p , (size_t )remaining , 0 );
180+ if (n < 0 ) return -1 ;
181+ p += n ;
182+ remaining -= n ;
183+ }
184+ return sz ;
185+ }
186+
165187static void SendOcspResp (int fd , const byte * resp , int respSz )
166188{
167189 char hdr [256 ];
@@ -173,16 +195,16 @@ static void SendOcspResp(int fd, const byte* resp, int respSz)
173195 "Content-Length: %d\r\n"
174196 "\r\n" , respSz );
175197
176- send (fd , hdr , ( size_t ) hdrLen , 0 );
177- send (fd , resp , ( size_t ) respSz , 0 );
198+ SendAll (fd , hdr , hdrLen );
199+ SendAll (fd , resp , respSz );
178200}
179201
180202static void SendHttpError (int fd , int code , const char * msg )
181203{
182204 char buf [256 ];
183205 int len = snprintf (buf , sizeof (buf ),
184206 "HTTP/1.0 %d %s\r\nContent-Length: 0\r\n\r\n" , code , msg );
185- send (fd , buf , ( size_t ) len , 0 );
207+ SendAll (fd , buf , len );
186208}
187209
188210int main (int argc , char * * argv )
@@ -197,7 +219,7 @@ int main(int argc, char** argv)
197219 int caCertInit = 0 ;
198220 char caSubject [256 ];
199221 word32 caSubjectSz = sizeof (caSubject );
200- int sockfd , clientfd , opt = 1 , i ;
222+ int sockfd = -1 , clientfd , opt = 1 , i ;
201223 struct sockaddr_in addr ;
202224
203225 if (argc < 4 ) {
@@ -265,7 +287,14 @@ int main(int argc, char** argv)
265287 }
266288
267289 sockfd = socket (AF_INET , SOCK_STREAM , 0 );
268- setsockopt (sockfd , SOL_SOCKET , SO_REUSEADDR , & opt , sizeof (opt ));
290+ if (sockfd < 0 ) {
291+ perror ("socket" );
292+ goto cleanup ;
293+ }
294+ if (setsockopt (sockfd , SOL_SOCKET , SO_REUSEADDR , & opt , sizeof (opt )) < 0 ) {
295+ perror ("setsockopt" );
296+ goto cleanup ;
297+ }
269298 memset (& addr , 0 , sizeof (addr ));
270299 addr .sin_family = AF_INET ;
271300 addr .sin_addr .s_addr = INADDR_ANY ;
@@ -275,7 +304,10 @@ int main(int argc, char** argv)
275304 perror ("bind" );
276305 goto cleanup ;
277306 }
278- listen (sockfd , 5 );
307+ if (listen (sockfd , 5 ) < 0 ) {
308+ perror ("listen" );
309+ goto cleanup ;
310+ }
279311 printf ("OCSP responder listening on port %d\n" , port );
280312
281313 while (running ) {
@@ -308,10 +340,10 @@ int main(int argc, char** argv)
308340 close (clientfd );
309341 }
310342
311- close (sockfd );
312343 printf ("\nShutdown.\n" );
313344
314345cleanup :
346+ if (sockfd >= 0 ) close (sockfd );
315347 if (responder ) wc_OcspResponder_free (responder );
316348 if (caCertInit ) wc_FreeDecodedCert (& caCert );
317349 free (caCertDer );
0 commit comments