commit 94695a5
uint
·
2026-01-30 16:56:18 +0000 UTC
parent 9f221a6
bail on failure for reply, cors_build
1 files changed,
+9,
-5
+9,
-5
1@@ -113,9 +113,10 @@ static int cors_build(char* out, size_t outsz, const char* hdr, int preflight)
2
3 if (n < 0)
4 return 0;
5- if ((size_t)n >= outsz)
6- out[outsz - 1] = '\0';
7-
8+ if ((size_t)n >= outsz) {
9+ out[0] = '\0';
10+ return 0;
11+ }
12 return 1;
13 }
14
15@@ -358,8 +359,11 @@ static void reply(int c, const char* hdr, const char* status, const char* ctype,
16 if (n < 0)
17 return;
18
19- if ((size_t)n >= sizeof(resp))
20- n = (int)(sizeof(resp) - 1);
21+ if ((size_t)n >= sizeof(resp)) {
22+ /* fail if header too large */
23+ reply_text(c, hdr, HTTP_500, "server error\n");
24+ return;
25+ }
26
27 (void)write_all(c, resp, (size_t)n);
28