output/httpd: use strncmp instead of memcmp

memcmp use may result in out of bounds access
author: cathugger <cathugger@cock.li> 2019-06-05 00:49:15 +0300
committer: Max Kellermann <max@musicpd.org> 2019-06-05 21:53:46 +0200
commit: 4b81cf0c2c62d3591750037a8260b7e074d687c0 (patch)
tree: b74c66097a3a158b4124f69756f2db069f3595c5 /src
parent: e7acbf112c5bf6842810922e404a68d5fc629237 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/src/output/plugins/httpd/HttpdClient.cxx b/src/output/plugins/httpd/HttpdClient.cxx
index 27e1320d4..3de895092 100644
--- a/src/output/plugins/httpd/HttpdClient.cxx
+++ b/src/output/plugins/httpd/HttpdClient.cxx
@@ -71,10 +71,10 @@ HttpdClient::HandleLine(const char *line) noexcept
 	assert(state != State::RESPONSE);
 
 	if (state == State::REQUEST) {
-		if (memcmp(line, "HEAD /", 6) == 0) {
+		if (strncmp(line, "HEAD /", 6) == 0) {
 			line += 6;
 			head_method = true;
-		} else if (memcmp(line, "GET /", 5) == 0) {
+		} else if (strncmp(line, "GET /", 5) == 0) {
 			line += 5;
 		} else {
 			/* only GET is supported */
@@ -84,7 +84,7 @@ HttpdClient::HandleLine(const char *line) noexcept
 		}
 
 		line = strchr(line, ' ');
-		if (line == nullptr || memcmp(line + 1, "HTTP/", 5) != 0) {
+		if (line == nullptr || strncmp(line + 1, "HTTP/", 5) != 0) {
 			/* HTTP/0.9 without request headers */
 
 			if (head_method)
author	cathugger <cathugger@cock.li>	2019-06-05 00:49:15 +0300
committer	Max Kellermann <max@musicpd.org>	2019-06-05 21:53:46 +0200
commit	4b81cf0c2c62d3591750037a8260b7e074d687c0 (patch)
tree	b74c66097a3a158b4124f69756f2db069f3595c5 /src
parent	e7acbf112c5bf6842810922e404a68d5fc629237 (diff)