'm happy that you liked my bug report 8-)
Another solution could be also:
if(reqStrSize < 8) return False;
placed at the beginning of the function (for avoiding the first
instructions since we already know that the data is invalid) or
naturally before that for().
BYEZ
---
d j = i+1;
while (j < reqStrSize && (reqStr[j] == ' ' || reqStr[j] == '\t')) ++j;
for (j = i+1; j < reqStrSize-8; ++j) {
...
Testing the bug is trivial so no PoC is needed, just send "x x" (without
") followed by 2 CR/LF, for a total of 7 bytes.
