httpclient: don't read more than the client wants

When `git_http_client_read_body` is invoked, it provides the size of the buffer that can be read into. This will be set as the parser context's `output_size` member. Use this as an upper limit on our reads, and ensure that we do not read more than the client requests.

httpclient: don't read more than the client wants
When `git_http_client_read_body` is invoked, it provides the size of the buffer that can be read into. This will be set as the parser context's `output_size` member. Use this as an upper limit on our reads, and ensure that we do not read more than the client requests.
bc61161b · Edward Thomson · ed045f09 · bc61161b
Commit bc61161b authored Jun 01, 2020 by Edward Thomson
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

src/transports/httpclient.c
+4 -0

No files found.
--- a/src/transports/httpclient.c
+++ b/src/transports/httpclient.c
@@ -1038,6 +1038,7 @@ on_error:
 GIT_INLINE(int) client_read(git_http_client *client)
 {
+	http_parser_context *parser_context = client->parser.data;
 	git_stream *stream;
 	char *buf = client->read_buf.ptr + client->read_buf.size;
 	size_t max_len;
@@ -1054,6 +1055,9 @@ GIT_INLINE(int) client_read(git_http_client *client)
 	max_len = client->read_buf.asize - client->read_buf.size;
 	max_len = min(max_len, INT_MAX);
+	if (parser_context->output_size)
+		max_len = min(max_len, parser_context->output_size);
 	if (max_len == 0) {
 		git_error_set(GIT_ERROR_HTTP, "no room in output buffer");
 		return -1;