From 3369344387c0286c91785bac1f3f6b56cf8c3b2d Mon Sep 17 00:00:00 2001
From: Spoike
Date: Mon, 9 Jan 2023 05:13:39 +0000
Subject: [PATCH] Handle recursive redirects better, don't silently truncate redirects.

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@6327 fc73d0e0-1445-4013-8a0c-d673dee63da5
---
 engine/http/httpclient.c | 21 ++++++++++++++++++---
 engine/http/iweb.h | 1 +
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/engine/http/httpclient.c b/engine/http/httpclient.c
index 0529543f2..04cf9a053 100644
--- a/engine/http/httpclient.c
+++ b/engine/http/httpclient.c
@@ -520,7 +520,7 @@ static qboolean HTTP_DL_Work(struct dl_download *dl)
 {
 struct http_dl_ctx_s *con = dl->ctx;
 char buffer[256];
- char Location[256];
+ char Location[4096];
 char mimetype[256];
 char *nl;
 char *msg;
@@ -697,13 +697,19 @@ static qboolean HTTP_DL_Work(struct dl_download *dl)
 else if (!strnicmp(msg, "Content-Type:", 13))
 {
 *nl = '\0';
+ //don't worry too much about truncation. its not like we can really do much with fancy mime types anyway.
 COM_TrimString(msg+13, mimetype, sizeof(mimetype));
 *nl = '\n';
 }
 else if (!strnicmp(msg, "Location: ", 10))
 {
 *nl = '\0';
- COM_TrimString(msg+10, Location, sizeof(Location));
+ if (!COM_TrimString(msg+10, Location, sizeof(Location)))
+ {
+ Con_Printf("HTTP Redirect: location too long\n");
+ dl->status = DL_FAILED;
+ return false;
+ }
 *nl = '\n';
 }
 else if (!strnicmp(msg, "Content-Encoding: ", 18))
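Review bot: `Location` is now 4096 bytes, but the redirect target is kept in `dl->redir`, which iweb.h declares as `char redir[MAX_OSPATH]`, so a Location that fits the new buffer may still not fit where it is stored. The code that builds `dl->redir` from Location is outside the hunks shown, so whether it truncates or rejects cannot be confirmed here. If it truncates, the client would follow a URL other than the one the server named, and the commit's goal of not silently truncating redirects is only partly met. A length check at that copy site would close it, for example `if (strlen(Location) >= sizeof(dl->redir)) { dl->status = DL_FAILED; return false; }`. HTTP_DL_Work's body starts and ends outside this hunk.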
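Review bot: The new failure message `HTTP Redirect: location too long` does not say which download hit the limit, so an oversized Location header cannot be tied to a server from the console log. The redirect print later in this function already includes `dl->url`, and this message could do the same: `Con_Printf("HTTP Redirect: location too long (%s)\n", dl->url);`. The check also depends on COM_TrimString returning a null or false value when the output does not fit, which this diff does not show. A one-line comment on the `if` stating that contract would help the next reader.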
@@ -749,11 +755,20 @@ static qboolean HTTP_DL_Work(struct dl_download *dl)
 nl = strchr(msg, '\n');
 if (nl)
 *nl = '\0';
- Con_Printf("%s: %s %s (%s)\n", dl->url, buffer, COM_TrimString(msg, trimmed, sizeof(trimmed)), Location);
+ COM_TrimString(msg, trimmed, sizeof(trimmed));
+ Con_Printf("%s: %s %s (%s)\n", dl->url, buffer, trimmed, Location);
 if (!*Location)
+ {
 Con_Printf("Server redirected to null location\n");
+ return false;
+ }
 else
 {
+ if (dl->redircount++ > 10)
+ {
+ Con_Printf("HTTP: Recursive redirects\n");
+ return false;
+ }
 HTTP_Cleanup(dl);
 if (*Location == '/')
 {
diff --git a/engine/http/iweb.h b/engine/http/iweb.h
index 355d4fd5c..31e7bf5f1 100644
--- a/engine/http/iweb.h
+++ b/engine/http/iweb.h
@@ -99,6 +99,7 @@ struct dl_download
 /*stream config*/
 char *url; /*original url*/
 char redir[MAX_OSPATH]; /*current redirected url*/
+ unsigned int redircount; /* so no infinite redirects with naughty servers.*/
 char localname[MAX_OSPATH]; /*leave empty for a temp file*/
 enum fs_relative fsroot;
 struct vfsfile_s *file; /*downloaded to, if not already set when starting will open localname or a temp file*/
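Review bot: The two new `return false;` paths (null Location, and `redircount` over the limit) leave `dl->status` untouched, while the too-long-Location path added earlier in this commit sets `dl->status = DL_FAILED;` before returning. Unless the caller marks the download failed on a false return, which is not visible here, both paths should set the status the same way. Separately, `dl->redircount++ > 10` compares before incrementing, so eleven redirects are followed and the check trips on the twelfth. A named constant with `>=` would make the intended cap explicit. The function body continues outside the hunk.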
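Review bot: Nothing in this commit initialises or resets `redircount`, so the redirect cap in HTTP_DL_Work only holds if `struct dl_download` is zero-filled when it is allocated. That allocation is outside the diff and should be confirmed, as should whether a reused or restarted download is expected to start counting again. The field comment could record the contract, for example `/* redirects followed so far; HTTP_DL_Work fails the download once this passes its limit */`.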