From 8db6f7b0e28282e9ccb2166e0b41e67031590dde Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Fri, 1 May 2026 02:03:43 +0000 Subject: [PATCH] fix: V-001 security vulnerability Automated security fix generated by Orbis Security AI --- main/rfc1867.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/main/rfc1867.c b/main/rfc1867.c index 0f55a380a85e..7413388f7b2d 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -69,7 +69,8 @@ static void normalize_protected_variable(char *varname) /* {{{ */ /* and remove it */ if (s != varname) { - memmove(varname, s, strlen(s)+1); + size_t slen = strlen(s) + 1; + memmove(varname, s, slen); } for (p = varname; *p && *p != '['; p++) { @@ -596,6 +597,9 @@ static size_t multipart_buffer_read(multipart_buffer *self, char *buf, size_t by } /* maximum number of bytes we are reading */ + if (bytes == 0) { + return 0; + } len = max < bytes-1 ? max : bytes-1; /* if we read any data... */