Address some issues I found in chunked decoder:

(1) stricter parsing of chunk-size (don't allow leading/trailing whitespace, redundant "+" sign, leading "0x")
(2) check for negative chunk sizes, and fail early rather than hitting weird stuff
(3) don't mutate the const char* returned by std::string::data()
(4) fail if CRLF terminator is missing on chunk-data.
(why the spec has this in first place seems unecessary, since the chunk-size already tells the story...)
(5) don't allow empty CRLFs


git-svn-id: svn://svn.chromium.org/chrome/trunk/src@853 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 9 insertions, 1 deletions

diff --git a/net/http/http_chunked_decoder.h b/net/http/http_chunked_decoder.h
index 799ebfd..970d1d1 100644
--- a/net/http/http_chunked_decoder.h
+++ b/net/http/http_chunked_decoder.h
@@ -87,11 +87,19 @@ class HttpChunkedDecoder {
   // Scan |buf| for the next chunk delimiter.  This method returns the number
   // of bytes consumed from |buf|.  If found, |chunk_remaining_| holds the
   // value for the next chunk size.
-  int ScanForChunkRemaining(char* buf, int buf_len);
+  int ScanForChunkRemaining(const char* buf, int buf_len);
+
+  // Convert string |start| of length |len| to a numeric value.
+  // |start| is a string of type "chunk-size" (hex string).
+  // If the conversion succeeds, return true and place the result in |out|.
+  static bool ParseChunkSize(const char* start, int len, int* out); 
 
   // Indicates the number of bytes remaining for the current chunk.
   int chunk_remaining_;
 
+  // True if waiting for the terminal CRLF of a chunk's data.
+  bool chunk_terminator_remaining_;
+
   // A small buffer used to store a partial chunk marker.
   std::string line_buf_;