[GNUnet-SVN] [gnurl] 161/178: http: restore buffer pointer when bad resp
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 161/178: http: restore buffer pointer when bad response-line is parsed
Date: Wed, 23 May 2018 12:26:36 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 8c7b3737d29ed5c0575bf592063de8a51450812d
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sat Mar 24 23:47:41 2018 +0100
http: restore buffer pointer when bad response-line is parsed
... leaving the k->str could lead to buffer over-reads later on.
CVE: CVE-2018-1000301
Assisted-by: Max Dymond
Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
---
lib/http.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/http.c b/lib/http.c
index 1a313b4fb..e080ae513 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3014,6 +3014,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
{
CURLcode result;
struct SingleRequest *k = &data->req;
+ ssize_t onread = *nread;
+ char *ostr = k->str;
/* header line within buffer loop */
do {
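Review bot: The snapshots `onread` and `ostr` at the top of the function have no comment saying what they are for, and a reader has to find the bad-header branch much further down to learn that they exist only to undo parsing state. A one-line comment above them, stating that they are saved so `*nread` and `k->str` can be restored when a bad response-line is found, would make that clear. They are also captured once, before the `do` loop, so they hold the values at function entry rather than at the start of the current header line; the comment should say that this is intended.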
@@ -3078,7 +3080,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
else {
/* this was all we read so it's all a bad header */
k->badheader = HEADER_ALLBAD;
- *nread = (ssize_t)rest_length;
+ *nread = onread;
+ k->str = ostr;
+ return CURLE_OK;
}
break;
}
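Review bot: The new `return CURLE_OK;` in the `HEADER_ALLBAD` branch leaves the function from inside the header loop, so anything that runs after the loop is skipped on this path. The visible context does not show that code, so please confirm nothing there is needed when the whole read is treated as a bad header. The existing comment says only that it is all a bad header; it should also say why `*nread` and `k->str` are put back, since per the commit message leaving `k->str` as it was is what could lead to the later over-read. With `*nread = (ssize_t)rest_length;` removed, check that `rest_length` is still used elsewhere in the function, and consider adding a regression test built from the OSS-Fuzz input.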