From 52a0764812dd530014455c6da70904cad7236553 Mon Sep 17 00:00:00 2001
From: Joris Vink <joris@coders.se>
Date: Tue, 15 Apr 2014 21:18:23 +0200
Subject: [PATCH] HTTP Post improvements for handlers.

Don't crash if we get a Content-length:0 on POST and our
handlers call http_populate_arguments().
---
 src/http.c | 13 +++++++++++++
 src/spdy.c |  5 +++++
 2 files changed, 18 insertions(+)

diff --git a/src/http.c b/src/http.c
index 3053e08..5790e4c 100644
--- a/src/http.c
+++ b/src/http.c
@@ -466,6 +466,11 @@ http_header_recv(struct netbuf *nb)
 
 		kore_mem_free(p);
 
+		if (clen == 0) {
+			req->flags |= HTTP_REQUEST_COMPLETE;
+			return (KORE_RESULT_OK);
+		}
+
 		if (clen > http_postbody_max) {
 			kore_log(LOG_NOTICE, "POST data too large (%ld > %ld)",
 			    clen, http_postbody_max);
@@ -504,6 +509,8 @@ http_populate_arguments(struct http_request *req)
 	char			*query, *args[HTTP_MAX_QUERY_ARGS], *val[3];
 
 	if (req->method == HTTP_METHOD_POST) {
+		if (req->post_data == NULL)
+			return (0);
 		query = http_post_data_text(req);
 	} else {
 		if (req->query_string == NULL)
@@ -878,6 +885,9 @@ http_post_data_text(struct http_request *req)
 	u_int8_t	*data;
 	char		*text;
 
+	if (req->post_data == NULL)
+		return (NULL);
+
 	data = kore_buf_release(req->post_data, &len);
 	req->post_data = NULL;
 	len++;
@@ -894,6 +904,9 @@ http_post_data_bytes(struct http_request *req, u_int32_t *len)
 {
 	u_int8_t	*data;
 
+	if (req->post_data == NULL)
+		return (NULL);
+
 	data = kore_buf_release(req->post_data, len);
 	req->post_data = NULL;
 
diff --git a/src/spdy.c b/src/spdy.c
index e9be3e3..c03eafc 100644
--- a/src/spdy.c
+++ b/src/spdy.c
@@ -658,6 +658,11 @@ spdy_data_frame_recv(struct netbuf *nb)
 
 		kore_mem_free(content);
 
+		if (s->post_size == 0) {
+			req->flags |= HTTP_REQUEST_COMPLETE;
+			return (KORE_RESULT_OK);
+		}
+
 		if (s->post_size > http_postbody_max) {
 			kore_log(LOG_NOTICE, "POST data too large (%ld > %ld)",
 			    s->post_size, http_postbody_max);