From 0e8e6c3742b6596df661a0bceeb8e97d50f96444 Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Sat, 4 Mar 2023 02:34:55 +0100
Subject: http.c: Improve error detection for strotull(3)

set_length relies on user input to determine Content-Length, so it
should be considered unreliable.
---
 http.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'http.c')

diff --git a/http.c b/http.c
index 448de24..dfb335d 100644
--- a/http.c
+++ b/http.c
@@ -562,7 +562,18 @@ failure:
 
 static int set_length(struct http_ctx *const h, const char *const len)
 {
-    h->ctx.post.len = strtoull(len, NULL, 10);
+    char *end;
+
+    errno = 0;
+    h->ctx.post.len = strtoull(len, &end, 10);
+
+    if (errno || *end != '\0')
+    {
+        fprintf(stderr, "%s: invalid length %s: %s\n",
+            __func__, len, strerror(errno));
+        return 1;
+    }
+
     return 0;
 }
 
-- 
cgit v1.2.3