From 80a63436d388d27077fd3b776f671ec3863a2673 Mon Sep 17 00:00:00 2001
From: LinRaymond2006 <53900158+LinRaymond2006@users.noreply.github.com>
Date: Thu, 25 Jul 2024 23:04:32 +0800
Subject: [PATCH 1/2] httpd: add integer signedness check in http.c
---
 release/src/router/httpd/http.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/release/src/router/httpd/http.c b/release/src/router/httpd/http.c
index e918f3c317d..8cc15de21b8 100644
--- a/release/src/router/httpd/http.c
+++ b/release/src/router/httpd/http.c
@@ -148,6 +148,9 @@ wget(int method, const char *server, char *buf, size_t count, off_t offset)
 for (s += 15; isblank(*s); s++);
 chomp(s);
 len = atoi(s);
+ if (len <= 0) {
+ return -EINVAL;
+ }
 }
 else if (!strncasecmp(s, "Transfer-Encoding:", 18)) {
 for (s += 18; isblank(*s); s++);
From 3badf5804b626dd4a0526034ff76d29ae9599823 Mon Sep 17 00:00:00 2001
From: LinRaymond2006 <53900158+LinRaymond2006@users.noreply.github.com>
Date: Thu, 25 Jul 2024 23:13:30 +0800
Subject: [PATCH 2/2] httpd: add another signedness check in http.c
---
 release/src/router/httpd/http.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/release/src/router/httpd/http.c b/release/src/router/httpd/http.c
index 8cc15de21b8..70f069bb14c 100644
--- a/release/src/router/httpd/http.c
+++ b/release/src/router/httpd/http.c
@@ -160,9 +160,13 @@ wget(int method, const char *server, char *buf, size_t count, off_t offset)
 }
 }
- if (chunked && fgets(line, sizeof(line), fp))
+ if (chunked && fgets(line, sizeof(line), fp)) {
 len = strtol(line, NULL, 16);
-
+ if (len <= 0) {
+ return -EINVAL;
+ }
+ }
+ len = (len > count) ? count : len;
 len = fread(buf, 1, len, fp);
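Review bot: The `return -EINVAL;` added after `len = atoi(s);` in patch 1/2 exits wget() from inside header parsing while `fp` is still open (the later hunk shows it being read with fgets() and fread()), so this path appears to skip whatever closes the stream; the `return -EINVAL;` added after strtol() in patch 2/2 has the same problem. On a long-running httpd, a peer that keeps answering with such a length would then cost one descriptor per request. wget() begins and ends outside both hunks, so confirm how `fp` is released: if the function has a common exit path, set the result and branch to it, otherwise put `fclose(fp);` before each `return -EINVAL;`.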
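Review bot: `if (len <= 0)` after `len = strtol(line, NULL, 16);` in patch 2/2 also rejects a chunk size of 0, which is the valid terminating chunk of a chunked body, so an empty chunked response is now reported as -EINVAL; the check in patch 1/2 does the same to `Content-Length: 0`. The test should probably be `if (len < 0)` in both places. strtol() is also called with a NULL end pointer and errno is not inspected, and its long result is stored in `len`, whose declaration is outside the hunk, so a non-hex line or an out-of-range size cannot be told apart from a real value. Parsing with `char *end; errno = 0; long v = strtol(line, &end, 16);` and rejecting on `if (end == line || errno == ERANGE || v < 0)` would catch those before the value is narrowed and compared with `count`.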