Thanks for the review. I saw only reaction of the Jeff in the original thread and though that it is ok otherwise. I'm fixing the things you mentioned. On Thu, Nov 23, 2017 at 08:30:39PM -0500, Eric Sunshine wrote: >> +static ssize_t read_request_fix_len(int fd, size_t req_len, unsigned char **out) > > Wrong data type: s/size_t req_len/ssize_t req_len/ Passing negative value to the function makes no sense. I could add explicit type cast to make it clear. It should be safe as site_t's range is bigger, and overflown CONTENT_LENGTH results in die() at parsing (I have a test which verifies it) > Rather than writing an entirely new "read" function, how about just > modifying the existing read_request() to optionally limit the read to > a specified number of bytes? I'll check it a bit separately. -- Max
