http: add asserts for null terminator for input strings

http_rw_hd() assumes the null terminator is present. These asserts make
sure this remains true.

Closes #19741

diff --git a/lib/http.c b/lib/http.c
index 672183db0ef26121c2c90bd83787d953b34bb178..8223c6f0e213f111702cf48cafc5cd8a23692188 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -4142,6 +4142,7 @@ static CURLcode http_rw_hd(struct Curl_easy *data,
   CURLcode result = CURLE_OK;
   struct SingleRequest *k = &data->req;
   int writetype;
+  DEBUGASSERT(!hd[hdlen]); /* null terminated */
 
   *pconsumed = 0;
   if((0x0a == *hd) || (0x0d == *hd)) {
@@ -4426,6 +4427,7 @@ CURLcode Curl_http_write_resp_hd(struct Curl_easy *data,
   CURLcode result;
   size_t consumed;
   char tmp = 0;
+  DEBUGASSERT(!hd[hdlen]); /* null terminated */
 
   result = http_rw_hd(data, hd, hdlen, &tmp, 0, &consumed);
   if(!result && is_eos) {

diff --git a/lib/transfer.c b/lib/transfer.c
index f2df2cef8cbaa3fa85c28ba00abff5d6e934a26d..f0ce3c5012715ef827ad621e04d74d2a10e9fec6 100644 (file)
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -820,6 +820,7 @@ CURLcode Curl_xfer_write_resp_hd(struct Curl_easy *data,
                                  const char *hd0, size_t hdlen, bool is_eos)
 {
   if(data->conn->handler->write_resp_hd) {
+    DEBUGASSERT(!hd0[hdlen]); /* null terminated */
     /* protocol handlers offering this function take full responsibility
      * for writing all received download data to the client. */
     return data->conn->handler->write_resp_hd(data, hd0, hdlen, is_eos);