From 68452035c67989c2d8cddd0640b1f124cc7e07d0 Mon Sep 17 00:00:00 2001
From: Dan Winship <danw@src.gnome.org>
Date: Sun, 2 Apr 2006 20:25:52 +0000
Subject: [PATCH] Rewrite Request-Line-parsing code to not have a lame max
 length. #335040.

	* libsoup/soup-headers.c (soup_headers_parse_request): Rewrite
	Request-Line-parsing code to not have a lame max length. #335040.
---
 ChangeLog              |  3 +++
 libsoup/soup-headers.c | 33 +++++++++++++++++++++++----------
 2 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c79eb0d..1d8a127 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2006-04-02  Dan Winship  <danw@novell.com>
 
+	* libsoup/soup-headers.c (soup_headers_parse_request): Rewrite
+	Request-Line-parsing code to not have a lame max length. #335040.
+
 	* Makefile.am (install-data-local): Install the .pc file mode 644,
 	not 755. #330878
 
diff --git a/libsoup/soup-headers.c b/libsoup/soup-headers.c
index 552a7b6..8aad0d7 100644
--- a/libsoup/soup-headers.c
+++ b/libsoup/soup-headers.c
@@ -5,6 +5,7 @@
  * Copyright (C) 2001-2003, Ximian, Inc.
  */
 
+#include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
 #include <ctype.h>
@@ -112,25 +113,37 @@ soup_headers_parse_request (char             *str,
 			    char            **req_path,
 			    SoupHttpVersion  *ver) 
 {
-	guint http_major, http_minor;
-	char method[16], path[1024];
+	gulong http_major, http_minor;
+	char *s1, *s2, *cr, *p;
 
 	if (!str || !*str)
 		return FALSE;
 
-	if (sscanf (str, 
-		    "%16s %1024s HTTP/%1u.%1u", 
-		    method,
-		    path,
-		    &http_major,
-		    &http_minor) < 4)
+	cr = memchr (str, '\r', len);
+	if (!cr)
+		return FALSE;
+
+	s1 = memchr (str, ' ', cr - str);
+	if (!s1)
+		return FALSE;
+	s2 = memchr (s1 + 1, ' ', cr - (s1 + 1));
+	if (!s2)
+		return FALSE;
+
+	if (strncmp (s2, " HTTP/", 6) != 0)
+		return FALSE;
+	http_major = strtoul (s2 + 6, &p, 10);
+	if (*p != '.')
+		return FALSE;
+	http_minor = strtoul (p + 1, &p, 10);
+	if (p != cr)
 		return FALSE;
 
 	if (!soup_headers_parse (str, len, dest)) 
 		return FALSE;
 
-	*req_method = g_strdup (method);
-	*req_path = g_strdup (path);
+	*req_method = g_strndup (str, s1 - str);
+	*req_path = g_strndup (s1 + 1, s2 - (s1 + 1));
 
 	if (ver) {
 		if (http_major == 1 && http_minor == 1) 
-- 
2.7.4