From 52c5ce6598afb919b5f6846ffb6b5ad52dcd6a31 Mon Sep 17 00:00:00 2001
From: Mattes D <github@xoft.cz>
Date: Wed, 20 Jan 2016 09:45:16 +0100
Subject: Fixed HTTP parsing when in insecure mode.

Parsing would ignore the size of data already buffered, resulting in bad_alloc exception.
Fixes #2898.
---
 src/HTTP/HTTPRequestParser.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/HTTP/HTTPRequestParser.cpp b/src/HTTP/HTTPRequestParser.cpp
index 9c60c6053..bab463832 100644
--- a/src/HTTP/HTTPRequestParser.cpp
+++ b/src/HTTP/HTTPRequestParser.cpp
@@ -35,11 +35,13 @@ size_t cHTTPRequestParser::ParseHeaders(const char * a_Data, size_t a_Size)
 	{
 		// The first line hasn't been processed yet
 		size_t res = ParseRequestLine(a_Data, a_Size);
+		ASSERT((res == AString::npos) || (res <= a_Size));
 		if ((res == AString::npos) || (res == a_Size))
 		{
 			return res;
 		}
 		size_t res2 = m_EnvelopeParser.Parse(a_Data + res, a_Size - res);
+		ASSERT((res2 == AString::npos) || (res2 <= a_Size - res));
 		if (res2 == AString::npos)
 		{
 			m_IsValid = false;
@@ -51,6 +53,7 @@ size_t cHTTPRequestParser::ParseHeaders(const char * a_Data, size_t a_Size)
 	if (m_EnvelopeParser.IsInHeaders())
 	{
 		size_t res = m_EnvelopeParser.Parse(a_Data, a_Size);
+		ASSERT((res == AString::npos) || (res <= a_Size));
 		if (res == AString::npos)
 		{
 			m_IsValid = false;
@@ -83,8 +86,9 @@ AString cHTTPRequestParser::GetBareURL(void) const
 
 size_t cHTTPRequestParser::ParseRequestLine(const char * a_Data, size_t a_Size)
 {
+	auto inBufferSoFar = m_IncomingHeaderData.size();
 	m_IncomingHeaderData.append(a_Data, a_Size);
-	size_t IdxEnd = m_IncomingHeaderData.size();
+	auto IdxEnd = m_IncomingHeaderData.size();
 
 	// Ignore the initial CRLFs (HTTP spec's "should")
 	size_t LineStart = 0;
@@ -151,7 +155,7 @@ size_t cHTTPRequestParser::ParseRequestLine(const char * a_Data, size_t a_Size)
 				}
 				m_Method = m_IncomingHeaderData.substr(LineStart, MethodEnd - LineStart);
 				m_URL = m_IncomingHeaderData.substr(MethodEnd + 1, URLEnd - MethodEnd - 1);
-				return i + 1;
+				return i + 1 - inBufferSoFar;
 			}
 		}  // switch (m_IncomingHeaderData[i])
 	}  // for i - m_IncomingHeaderData[]
-- 
cgit v1.2.3