output/httpd: use strncmp instead of memcmp

memcmp use may result in out of bounds access

output/httpd: use strncmp instead of memcmp
4b81cf0c · cathugger · Max Kellermann · e7acbf11 · 4b81cf0c
Commit 4b81cf0c authored Jun 05, 2019 by cathugger Committed by Max Kellermann Jun 05, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

HttpdClient.cxx src/output/plugins/httpd/HttpdClient.cxx +3 -3

No files found.
--- a/src/output/plugins/httpd/HttpdClient.cxx
+++ b/src/output/plugins/httpd/HttpdClient.cxx
@@ -71,10 +71,10 @@ HttpdClient::HandleLine(const char *line) noexcept
 	assert(state != State::RESPONSE);

 	if (state == State::REQUEST) {
-		if (memcmp(line, "HEAD /", 6) == 0) {
+		if (strncmp(line, "HEAD /", 6) == 0) {
 			line += 6;
 			head_method = true;
-		} else if (memcmp(line, "GET /", 5) == 0) {
+		} else if (strncmp(line, "GET /", 5) == 0) {
 			line += 5;
 		} else {
 			/* only GET is supported */
@@ -84,7 +84,7 @@ HttpdClient::HandleLine(const char *line) noexcept
 		}

 		line = strchr(line, ' ');
-		if (line == nullptr || memcmp(line + 1, "HTTP/", 5) != 0) {
+		if (line == nullptr || strncmp(line + 1, "HTTP/", 5) != 0) {
 			/* HTTP/0.9 without request headers */

 			if (head_method)