ref: 524fea374f6a53f754068c11211cdb842916af82
parent: b8d0e8f2692a2e0809d72cd621159e4ed4a6051d
author: Julien Blanchard <julien@typed-hole.org>
date: Tue Dec 30 06:06:36 EST 2025
fix: prevent garbage in HTTP response by allocating on the heap
--- a/http.c
+++ b/http.c
@@ -28,9 +28,9 @@
char *
httpget(char *token, char *url)
{- int ctlfd, bodyfd, conn, n;
+ int ctlfd, bodyfd, conn, n, nbytes;
char buf[1024];
- char body[TLBUFSIZE];
+ char *body;
char *bearer_token;
ctlfd = webclone(&conn);
@@ -47,10 +47,12 @@
snprint(buf, sizeof(buf), "/mnt/web/%d/body", conn);
/* Response */
+ body = emalloc(TLBUFSIZE);
if((bodyfd = open(buf, OREAD)) < 0)
sysfatal("httpget: open %s: %r", buf);- if(readn(bodyfd, body, TLBUFSIZE) <= 0)
+ if((nbytes = readn(bodyfd, body, TLBUFSIZE - 1)) <= 0)
sysfatal("httpget: readn: %r");+ body[nbytes] = '\0';
close(bodyfd);
close(ctlfd);
@@ -61,8 +63,9 @@
char *
httppost(char *token, char *url, char *text)
{- int n, ctlfd, bodyfd, conn;
+ int n, ctlfd, bodyfd, conn, nbytes;
char buf[TOOTBUFSIZE];
+ char *response;
char *bearer_token;
ctlfd = webclone(&conn);
@@ -85,16 +88,18 @@
close(bodyfd);
/* Response */
+ response = emalloc(TOOTBUFSIZE);
snprint(buf, TOOTBUFSIZE, "/mnt/web/%d/body", conn);
if((bodyfd = open(buf, OREAD)) < 0)
sysfatal("httppost: open %s: %r", buf);- if(readn(bodyfd, buf, TOOTBUFSIZE) <= 0)
+ if((nbytes = readn(bodyfd, response, TOOTBUFSIZE - 1)) <= 0)
sysfatal("httppost: readn: %r");+ response[nbytes] = '\0';
close(bodyfd);
close(ctlfd);
- return buf;
+ return response;
}
char *
@@ -172,14 +177,16 @@
close(bodyfd);
/* Response */
+ char *response = emalloc(BUFSIZE);
snprint(buf, sizeof buf, "/mnt/web/%d/body", conn);
if((bodyfd = open(buf, OREAD)) < 0)
sysfatal("upload: open %s: %r", buf);- if(readn(bodyfd, buf, BUFSIZE) <= 0)
+ if((n = readn(bodyfd, response, BUFSIZE - 1)) <= 0)
sysfatal("upload: readn: %r");+ response[n] = '\0';
close(bodyfd);
close(ctlfd);
- return buf;
+ return response;
}
--
⑨