Skip to content

Commit 0fc9324

Browse files
vaidas-shopifyvaidas-shopify
committed
Validate strtol and pirnt warning when failed
1 parent 4d9ef01 commit 0fc9324

File tree

1 file changed

+28
-21
lines changed

1 file changed

+28
-21
lines changed

http.c

Lines changed: 28 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -273,30 +273,37 @@ static size_t fwrite_wwwauth(char *ptr, size_t eltsize, size_t nmemb, void *p)
273273
strbuf_add(&buf, val, val_len);
274274
strbuf_trim(&buf);
275275

276-
if (slot && slot->results) {
277-
/* Parse the retry-after value (delay-seconds or HTTP-date) */
278-
char *endptr;
279-
long retry_after = strtol(buf.buf, &endptr, 10);
280-
281-
/* Check if it's a valid integer (delay-seconds format) */
282-
if (endptr != buf.buf && *endptr == '\0' && retry_after > 0) {
283-
slot->results->retry_after = retry_after;
284-
} else {
285-
/* Try parsing as HTTP-date format */
286-
timestamp_t timestamp;
287-
int offset;
288-
if (!parse_date_basic(buf.buf, &timestamp, &offset)) {
289-
/* Successfully parsed as date, calculate delay from now */
290-
timestamp_t now = time(NULL);
291-
if (timestamp > now) {
292-
slot->results->retry_after = (long)(timestamp - now);
293-
} else {
294-
/* Past date means retry immediately */
295-
slot->results->retry_after = 0;
296-
}
276+
if (slot && slot->results) {
277+
/* Parse the retry-after value (delay-seconds or HTTP-date) */
278+
char *endptr;
279+
long retry_after;
280+
281+
errno = 0;
282+
retry_after = strtol(buf.buf, &endptr, 10);
283+
284+
/* Check if it's a valid integer (delay-seconds format) */
285+
if (endptr != buf.buf && *endptr == '\0' &&
286+
errno != ERANGE && retry_after > 0) {
287+
slot->results->retry_after = retry_after;
288+
} else {
289+
/* Try parsing as HTTP-date format */
290+
timestamp_t timestamp;
291+
int offset;
292+
if (!parse_date_basic(buf.buf, &timestamp, &offset)) {
293+
/* Successfully parsed as date, calculate delay from now */
294+
timestamp_t now = time(NULL);
295+
if (timestamp > now) {
296+
slot->results->retry_after = (long)(timestamp - now);
297+
} else {
298+
/* Past date means retry immediately */
299+
slot->results->retry_after = 0;
297300
}
301+
} else {
302+
/* Failed to parse as either delay-seconds or HTTP-date */
303+
warning(_("unable to parse Retry-After header value: '%s'"), buf.buf);
298304
}
299305
}
306+
}
300307

301308
http_auth.header_is_last_match = 1;
302309
goto exit;

0 commit comments

Comments
 (0)