From 82cde6050dad20bffb51a96389af5aa23cc87b3f Mon Sep 17 00:00:00 2001
From: User65k
Date: Tue, 28 Mar 2017 18:01:06 +0200
Subject: [PATCH] BufferOverflow + HTTP Header size max

---
 Source/Core/NptHttp.cpp | 2 ++
 Source/Core/NptStrings.cpp | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/Source/Core/NptHttp.cpp b/Source/Core/NptHttp.cpp
index 430a369..250039b 100644
--- a/Source/Core/NptHttp.cpp
+++ b/Source/Core/NptHttp.cpp
@@ -180,6 +180,8 @@ NPT_HttpHeaders::Parse(NPT_BufferedInputStream& stream)
  break;
  }
  if (header_pending && (line[0] == ' ' || line[0] == '\t')) {
+ // limit size of multiline header
+ if (header_value.GetLength() >= NPT_HTTP_PROTOCOL_MAX_LINE_LENGTH) continue;
  // continuation (folded header)
  header_value.Append(line.GetChars()+1, line.GetLength()-1);
  } else {
diff --git a/Source/Core/NptStrings.cpp b/Source/Core/NptStrings.cpp
index f0106cd..5861b68 100644
--- a/Source/Core/NptStrings.cpp
+++ b/Source/Core/NptStrings.cpp
@@ -377,6 +377,9 @@ NPT_String::Append(const char* str, NPT_Size length)
  NPT_Size old_length = GetLength();
  NPT_Size new_length = old_length + length;
 
+ // avoid Buffer Overflow
+ if(new_length < old_length) return;
+
  // allocate enough space
  Reserve(new_length);
 
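Review bot: The new guard in the folded-header branch of NPT_HttpHeaders::Parse silently skips continuation lines once `header_value` has reached `NPT_HTTP_PROTOCOL_MAX_LINE_LENGTH`, so an oversized header is truncated and still accepted rather than the message being rejected. A truncated value that is then processed as if it were complete can leave this parser disagreeing with other HTTP components about what the header contains. Failing the parse is the safer outcome, e.g. `if (header_value.GetLength() + line.GetLength() - 1 > NPT_HTTP_PROTOCOL_MAX_LINE_LENGTH) return NPT_ERROR_INVALID_FORMAT;`, assuming Parse returns an NPT_Result, which the hunk does not show. Because the current test runs before the append, the value can also still grow by one more full line past the limit, which the sum-based comparison avoids. The read loop and the rest of Parse lie outside the hunk, so whether the number of headers or the total header size is bounded cannot be told from here.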
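Review bot: The wrap-around check `if(new_length < old_length) return;` in NPT_String::Append only catches the case where `old_length + length` itself overflows. If Reserve() or the copy after it adds room for a terminator (not visible in this hunk), a `new_length` at the maximum NPT_Size value would pass here and could still wrap there, so that boundary value should be rejected too. The early return also drops the append without any signal, and since the added `return;` carries no value the function appears unable to report it, leaving callers such as the header parser to continue with a value that is missing data. At minimum the comment should say what is being guarded, e.g. `// old_length + length wrapped around NPT_Size: drop the append instead of letting Reserve() under-allocate`. The rest of Append lies outside the hunk.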