[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 71/205: tool_writeout: fixed a buffer read overrun
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 71/205: tool_writeout: fixed a buffer read overrun on --write-out |
Date: |
Thu, 20 Apr 2017 16:20:11 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.54.0
in repository gnurl.
commit 1890d59905414ab84a35892b2e45833654aa5c13
Author: Dan Fandrich <address@hidden>
AuthorDate: Sat Mar 11 10:59:34 2017 +0100
tool_writeout: fixed a buffer read overrun on --write-out
If a % ended the statement, the string's trailing NUL would be skipped
and memory past the end of the buffer would be accessed and potentially
displayed as part of the --write-out output. Added tests 1440 and 1441
to check for this kind of condition.
Reported-by: Brian Carpenter
---
src/tool_writeout.c | 2 +-
tests/data/Makefile.inc | 2 +-
tests/data/test1440 | 31 +++++++++++++++++++++++++++++++
tests/data/test1441 | 31 +++++++++++++++++++++++++++++++
4 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/src/tool_writeout.c b/src/tool_writeout.c
index 2fb77742a..7843182f2 100644
--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
@@ -113,7 +113,7 @@ void ourWriteOut(CURL *curl, struct OutStruct *outs, const
char *writeinfo)
double doubleinfo;
while(ptr && *ptr) {
- if('%' == *ptr) {
+ if('%' == *ptr && ptr[1]) {
if('%' == ptr[1]) {
/* an escaped %-letter */
fputc('%', stream);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 7742bcfec..a6a06b81f 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -153,7 +153,7 @@ test1408 test1409 test1410 test1411 test1412 test1413
test1414 test1415 \
test1416 test1417 test1418 test1419 test1420 test1421 test1422 test1423 \
test1424 \
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
-test1436 test1437 test1438 test1439 \
+test1436 test1437 test1438 test1439 test1440 test1441 \
\
test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
diff --git a/tests/data/test1440 b/tests/data/test1440
new file mode 100644
index 000000000..7ed0c4d5f
--- /dev/null
+++ b/tests/data/test1440
@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %{
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%{'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%{
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/data/test1441 b/tests/data/test1441
new file mode 100644
index 000000000..6e253a690
--- /dev/null
+++ b/tests/data/test1441
@@ -0,0 +1,31 @@
+<testcase>
+<info>
+<keywords>
+--write-out
+</keywords>
+</info>
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+file
+</server>
+
+<name>
+Check --write-out with trailing %
+</name>
+<command>
+file://localhost/%PWD/log/ --write-out '%'
+</command>
+</client>
+
+# Verify data
+<verify>
+<stdout nonewline="yes">
+%
+</stdout>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 67/205: tests: fix the authretry tests, (continued)
- [GNUnet-SVN] [gnurl] 67/205: tests: fix the authretry tests, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 60/205: ISSUE_TEMPLATE: for bugs, ask questions on the mailing list, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 65/205: curl_easy_reset: Also reset the authentication state, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 62/205: cmdline-opts: fixed a few typos, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 61/205: README.md: add coverity and travis badges, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 58/205: tests: disabled 1903 now, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 83/205: CURLINFO_LOCAL_PORT.3: added example, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 79/205: build: removed redundant DEPENDENCIES from makefiles, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 82/205: SSLCERTS.md: mention HTTPS proxies and their separate options, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 53/205: bump: next release will be known as 7.54.0, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 71/205: tool_writeout: fixed a buffer read overrun on --write-out,
gnunet <=
- [GNUnet-SVN] [gnurl] 87/205: tests: strip more options from non-HTTP --libcurl tests, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 84/205: CURLINFO_LOCAL_PORT.3: fix typo, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 39/205: ares: better error return on timeouts, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 109/205: openssl: fix comparison between signed and unsigned integer expressions, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 80/205: KNOWN_BUGS: remove libidn related issue, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 92/205: multi: fix streamclose() crash in debug mode, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 66/205: proxy: skip SSL initialization for closed connections, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 75/205: make: regenerate docs/curl.1 by runinng make in docs, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 100/205: test2033: flaky, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 89/205: tests: fixed the documented test server port numbers, gnunet, 2017/04/20