[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 147/163: smtp: use the upload buffer size for scrat
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 147/163: smtp: use the upload buffer size for scratch buffer malloc |
|
Date: |
Sun, 05 Aug 2018 12:37:53 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628
Author: Daniel Stenberg <address@hidden>
AuthorDate: Wed Jun 13 12:24:40 2018 +0200
smtp: use the upload buffer size for scratch buffer malloc
... not the read buffer size, as that can be set smaller and thus cause
a buffer overflow! CVE-2018-0500
Reported-by: Peter Wu
Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
---
lib/smtp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/smtp.c b/lib/smtp.c
index e6872badb..ecf10a41a 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1563,13 +1563,14 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn,
const ssize_t nread)
if(!scratch || data->set.crlf) {
oldscratch = scratch;
- scratch = newscratch = malloc(2 * data->set.buffer_size);
+ scratch = newscratch = malloc(2 * UPLOAD_BUFSIZE);
if(!newscratch) {
failf(data, "Failed to alloc scratch buffer!");
return CURLE_OUT_OF_MEMORY;
}
}
+ DEBUGASSERT(UPLOAD_BUFSIZE >= nread);
/* Have we already sent part of the EOB? */
eob_sent = smtp->eob;
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 111/163: multi: fix crash due to dangling entry in connect-pending list, (continued)
- [GNUnet-SVN] [gnurl] 111/163: multi: fix crash due to dangling entry in connect-pending list, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 116/163: include/README: remove "hacking" advice, not the right place, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 118/163: GOVERNANCE: add maintainer details/duties, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 113/163: netrc: use a larger buffer, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 103/163: maketgz: delete .bak files, fix indentation, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 97/163: CURLOPT_HTTPAUTH.3: CURLAUTH_BEARER was added in 7.61.0, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 148/163: examples: fix -Wformat warnings, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 131/163: telnet: fix clang warnings, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 137/163: RELEASE-NOTES: synced, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 127/163: RELEASE-NOTES: synced, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 147/163: smtp: use the upload buffer size for scratch buffer malloc,
gnunet <=
- [GNUnet-SVN] [gnurl] 125/163: CURLINFO_TLS_SSL_PTR.3: improve the example, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 160/163: gnurl: post-merge adjustments, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 152/163: schannel: fix -Wsign-compare warning, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 151/163: schannel: workaround for wrong function signature in w32api, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 158/163: release: 7.61.0, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 155/163: CMake: remove redundant and old end-of-block syntax, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 115/163: RELEASE-NOTES: synced, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 145/163: darwinssl: allow High Sierra users to build the code using GCC, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 141/163: libssh: goto DISCONNECT state on error, not SSH_SESSION_FREE, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 130/163: docs: fix missed option name markups, gnunet, 2018/08/05