--- libaitwww/src/mime.c 2012/03/08 23:40:21 1.1 +++ libaitwww/src/mime.c 2012/03/10 00:26:49 1.2 @@ -3,7 +3,7 @@ * by Michael Pounov * * $Author: misho $ -* $Id: mime.c,v 1.1 2012/03/08 23:40:21 misho Exp $ +* $Id: mime.c,v 1.2 2012/03/10 00:26:49 misho Exp $ * ************************************************************************** The ELWIX and AITNET software is distributed under the following @@ -169,8 +169,8 @@ hdrValue(const char *str, size_t len, const char **end e = str + len; while (str < e) { - if ((crlf = findtextpos(str, e - str, CRLF, strlen(CRLF)))) { - www_SetErr(EBADMSG, "Bad MIME format message"); + if (!(crlf = findtextpos(str, e - str, CRLF, strlen(CRLF)))) { + www_SetErr(EBADMSG, "Bad header format of MIME part"); return NULL; } @@ -328,7 +328,7 @@ mime_parseMultiPart(const char *str, size_t len, const mime_t *mime = NULL; struct iovec bd[2]; struct tagMIME *m, *old = NULL; - const char *next; + const char *next = NULL; if (!str | !bdtag) { www_SetErr(EINVAL, "String or boundary tag is NULL"); @@ -359,6 +359,8 @@ mime_parseMultiPart(const char *str, size_t len, const return NULL; } else bd[1].iov_len = strlen(bd[1].iov_base); + + /* check boundary tag */ if (memcmp(str, strstr(bd[0].iov_base, "--"), strlen(strstr(bd[0].iov_base, "--")))) { www_SetErr(EBADMSG, "Bad content data, not found boundary tag"); free(bd[1].iov_base); @@ -370,7 +372,7 @@ mime_parseMultiPart(const char *str, size_t len, const len -= strlen(strstr(bd[0].iov_base, "--")); } - while (42) { + while (len > 0) { m = malloc(sizeof(struct tagMIME)); if (!m) { LOGERR; @@ -413,8 +415,14 @@ mime_parseMultiPart(const char *str, size_t len, const } str += bd[0].iov_len; + /* LLVM static code analyzer said for this - unusable + * len -= bd[0].iov_len; + */ + free(bd[1].iov_base); + free(bd[0].iov_base); + if (end) *end = str; return mime; @@ -512,6 +520,12 @@ mime_parseHeader(struct tagMIME * __restrict m, const } /* get value */ c->cgi_value = hdrValue(colon + 1, e - colon - 1, &str); + if (!c->cgi_value) { + free(c->cgi_name); + free(c); + freeHeader(m); + return -1; + } if (!old) SLIST_INSERT_HEAD(&m->mime_header, c, cgi_node); @@ -539,7 +553,7 @@ mime_getValue(struct tagMIME * __restrict m, const cha const char *v = NULL; SLIST_FOREACH(c, &m->mime_header, cgi_node) - if (!strcmp(c->cgi_name, name)) { + if (!strcasecmp(c->cgi_name, name)) { v = c->cgi_value; break; } @@ -561,8 +575,8 @@ mime_readPart(struct tagMIME * __restrict m, const cha cgi_t *attr; struct iovec bd; - if (!m || !str) { - www_SetErr(EINVAL, "Mime part or string is NULL"); + if (!m || !str || (ssize_t) len < 0) { + www_SetErr(EINVAL, "Mime part, string is NULL or length is less 0"); return -1; } @@ -573,14 +587,21 @@ mime_readPart(struct tagMIME * __restrict m, const cha if (!ct || www_cmptype(ct, "multipart")) { /* not multi part, assign like body element */ m->mime_body.iov_base = malloc(len - (eoh - str) + 1); + if (!m->mime_body.iov_base) { + LOGERR; + freeHeader(m); + return -1; + } memcpy(m->mime_body.iov_base, eoh, len - (eoh - str)); ((char*) m->mime_body.iov_base)[len - (eoh - str)] = 0; m->mime_body.iov_len = len - (eoh - str) + 1; } else { /* multi part */ attr = www_parseAttributes(&ct); - if (!attr) + if (!attr) { + freeHeader(m); return -1; + } bd.iov_base = bd_begin(www_getAttribute(attr, "boundary")); bd.iov_len = strlen(bd.iov_base); eb = findtextpos(eoh, len - (eoh - str), bd.iov_base, bd.iov_len); @@ -592,6 +613,7 @@ mime_readPart(struct tagMIME * __restrict m, const cha if (!m->mime_prolog.iov_base) { LOGERR; www_freeAttributes(&attr); + freeHeader(m); return -1; } memcpy(m->mime_prolog.iov_base, eoh, eb - eoh); @@ -608,6 +630,7 @@ mime_readPart(struct tagMIME * __restrict m, const cha if (!m->mime_epilog.iov_base) { LOGERR; www_freeAttributes(&attr); + freeHeader(m); return -1; } memcpy(m->mime_epilog.iov_base, str, len - (eoh - str)); @@ -615,9 +638,10 @@ mime_readPart(struct tagMIME * __restrict m, const cha m->mime_epilog.iov_len = len - (eoh - str) + 1; } + + www_freeAttributes(&attr); } - www_freeAttributes(&attr); return 0; }