From 4feb323f166b1151232267d7825de27cc6ba82cb Mon Sep 17 00:00:00 2001
From: Eduardo Silva <eduardo@calyptia.com>
Date: Wed, 9 Oct 2024 12:30:44 -0600
Subject: [PATCH] lib: monkey: upgrade to v1.8.1

Signed-off-by: Eduardo Silva <eduardo@calyptia.com>
---
 lib/monkey/include/monkey/mk_http_parser.h |  5 ++
 lib/monkey/mk_server/mk_http_parser.c      | 68 ++++++++++++++++------
 2 files changed, 54 insertions(+), 19 deletions(-)

diff --git a/lib/monkey/include/monkey/mk_http_parser.h b/lib/monkey/include/monkey/mk_http_parser.h
index 8e8ebc83f21..2a197d70dc6 100644
--- a/lib/monkey/include/monkey/mk_http_parser.h
+++ b/lib/monkey/include/monkey/mk_http_parser.h
@@ -392,4 +392,9 @@ int mk_http_parser_chunked_decode(struct mk_http_parser *p,
                                   char *buf_request, size_t buf_request_len,
                                   char **out_buf, size_t *out_buf_size);
 
+int mk_http_parser_chunked_decode_buf(struct mk_http_parser *p,
+                                      char *buf_request, size_t buf_request_len,
+                                      char *out_buf, size_t out_buf_size, size_t *out_buf_len);
+
+
 #endif /* MK_HTTP_H */
diff --git a/lib/monkey/mk_server/mk_http_parser.c b/lib/monkey/mk_server/mk_http_parser.c
index 428ec3d081f..ef6a7476699 100644
--- a/lib/monkey/mk_server/mk_http_parser.c
+++ b/lib/monkey/mk_server/mk_http_parser.c
@@ -618,43 +618,73 @@ static int cb_copy_chunk(char *in, size_t in_len, char *out, size_t out_size, si
 {
     (void) out_size;
 
+    /* check we don't overflow the buffer */
+    if (*out_len_processed + in_len > out_size) {
+        return -1;
+    }
+
+    /* copy the chunk */
     memcpy(out + *out_len_processed, in, in_len);
     *out_len_processed += in_len;
 
     return 0;
 }
 
+/*
+ * This function assumes that the output buffer size has enough space to copy the desired
+ * chunked content. We do some sanity checks but if the buffer is smaller the data will
+ * be truncated.
+ */
+int mk_http_parser_chunked_decode_buf(struct mk_http_parser *p,
+                                      char *buf_request, size_t buf_request_len,
+                                      char *out_buf, size_t out_buf_size, size_t *out_buf_len)
+{
+    int ret;
+    size_t written_bytes = 0;
+
+    ret = mk_http_parser_read_chunked_content(p,
+                                              buf_request, buf_request_len,
+                                              cb_copy_chunk,
+                                              out_buf, out_buf_size, &written_bytes);
+    if (ret == MK_HTTP_PARSER_OK) {
+        *out_buf_len = written_bytes;
+        return 0;
+    }
+
+    return -1;
+}
+
 int mk_http_parser_chunked_decode(struct mk_http_parser *p,
-                                  char *buf_request, size_t buf_request_len,
-                                  char **out_buf, size_t *out_buf_size)
+                                    char *buf_request, size_t buf_request_len,
+                                    char **out_buf, size_t *out_buf_size)
 {
     int ret;
-    size_t size;
-    size_t tmp = 0;
-    char *out;
+    char *tmp_buf;
+    size_t tmp_buf_size = 0;
+    size_t tmp_written_bytes = 0;
 
-    size = mk_http_parser_content_length(p);
-    if (size == 0) {
+    tmp_buf_size = mk_http_parser_content_length(p);
+    if (tmp_buf_size == 0) {
         return -1;
     }
 
-    out = mk_mem_alloc(size);
-    if (!out) {
+    tmp_buf = mk_mem_alloc(tmp_buf_size);
+    if (!tmp_buf) {
         return -1;
     }
 
-    ret = mk_http_parser_read_chunked_content(p,
-                                              buf_request, buf_request_len,
-                                              cb_copy_chunk,
-                                              out, size, &tmp);
-    if (ret == MK_HTTP_PARSER_OK) {
-        *out_buf = out;
-        *out_buf_size = size;
-        return 0;
+    ret = mk_http_parser_chunked_decode_buf(p,
+                                            buf_request, buf_request_len,
+                                            tmp_buf, tmp_buf_size, &tmp_written_bytes);
+    if (ret == -1) {
+        mk_mem_free(tmp_buf);
+        return -1;
     }
 
-    mk_mem_free(out);
-    return -1;
+    *out_buf = tmp_buf;
+    *out_buf_size = tmp_written_bytes;
+
+    return 0;
 }
 
 /*