[Asterisk-code-review] http.c: Support separated HTTP request (asterisk[master])

Corey Farrell asteriskteam at digium.com
Wed Jan 9 10:48:40 CST 2019


Corey Farrell has posted comments on this change. ( https://gerrit.asterisk.org/10869 )

Change subject: http.c: Support separated HTTP request
......................................................................


Patch Set 3: Code-Review-1

(4 comments)

https://gerrit.asterisk.org/#/c/10869/3/main/http.c
File main/http.c:

https://gerrit.asterisk.org/#/c/10869/3/main/http.c@85
PS3, Line 85: #define MAX_CONTENT_LENGTH 40960
ast_http_create_response uses MAX_CONTENT_LENGTH for the default buffer size of the response.  I suspect the vast majority of responses are much smaller than 40k; I don't think it's appropriate to allocate so much memory in this function (this is the reason for me giving -1).

This expands the maximum bytes accepted by ast_http_get_contents which is run before checking authentication on HTTP requests.  I'm inclined to think that 40k isn't a risk of over-running memory but I'm mentioning it to be sure others give this a thought.


https://gerrit.asterisk.org/#/c/10869/3/main/http.c@922
PS3, Line 922: 	total = 0;
Nit: Please initialize in the declaration, `int total = 0;` above.


https://gerrit.asterisk.org/#/c/10869/3/main/http.c@923
PS3, Line 923: 	while(1) {
Nit: while is not a function, we put a space after it `while (1) {`.

I think we could also use `while (total != length)`, then get rid of the `if (total >= length) { break; }` below.  Once the call to ast_iostream_read is fixed to prevent buffer overrun, `total > length` will be impossible.


https://gerrit.asterisk.org/#/c/10869/3/main/http.c@924
PS3, Line 924: 		res = ast_iostream_read(ser->stream, buf + total, length);
I think this allows buffer overrun after the first iteration (when total != 0).



-- 
To view, visit https://gerrit.asterisk.org/10869

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I48a401aa64a21c3b37bf3cb4e0486d64b7dd8aa1
Gerrit-Change-Number: 10869
Gerrit-PatchSet: 3
Gerrit-Owner: sungtae kim <pchero21 at gmail.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Friendly Automation (1000185)
Gerrit-Reviewer: Michael L. Young <elgueromexicano at gmail.com>
Gerrit-Comment-Date: Wed, 09 Jan 2019 16:48:40 +0000
Gerrit-HasComments: Yes
Gerrit-HasLabels: Yes
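
The read-loop comments on lines 923 and 924 above, worked through as an added example (not code from the patch set or from Asterisk): the loop uses `while (total != length)` and asks for `length - total` on each call, and the function reports how far past the buffer the unbounded request would have been allowed to write. `mock_stream`, `mock_read` and `read_body` are hypothetical names standing in for the stream and `ast_iostream_read`; the 16-byte body is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a stream that returns the body in short pieces. */
struct mock_stream { const char *data; size_t len, pos, chunk; };

static long mock_read(struct mock_stream *s, char *dst, size_t count)
{
    size_t n = s->len - s->pos;
    if (n > count) n = count;
    if (n > s->chunk) n = s->chunk;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return (long)n;
}

/*
 * Read exactly length bytes into buf (buf holds length bytes).
 * bounded != 0: each call asks for length - total, the space still free.
 * bounded == 0: each call asks for length, as in the line under review.
 * Returns the furthest offset any call was permitted to write to, or -1 on
 * EOF/error. The request is clamped before the call so the demo stays safe.
 */
static long read_body(struct mock_stream *s, char *buf, size_t length, int bounded)
{
    size_t total = 0, furthest = 0;

    while (total != length) {
        size_t ask = bounded ? length - total : length;
        long res;

        if (total + ask > furthest) furthest = total + ask;
        if (ask > length - total) ask = length - total; /* demo safety clamp */
        res = mock_read(s, buf + total, ask);
        if (res <= 0) return -1;
        total += (size_t)res;
    }
    return (long)furthest;
}

int main(void)
{
    const char body[] = "0123456789abcdef"; /* constructed 16-byte body */
    char buf[16];
    struct mock_stream s = { body, 16, 0, 5 };

    return read_body(&s, buf, 16, 1) == 16 ? 0 : 1;
}
```

With a 16-byte buffer delivered in 5-byte pieces, the bounded request never extends past offset 16, while the unbounded request on the last iteration would be permitted to reach offset 31.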