From: Fabian Keil <fk@fabiankeil.de>
Date: Sun, 7 Feb 2021 16:52:58 +0000 (+0100)
Subject: decompress_iob(): Prevent reading of uninitialized data
X-Git-Tag: v_3_0_32~28
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/@user-manual@@actions-help-prefix@FORWARD-OVERRIDE?a=commitdiff_plain;h=f018685d6;p=privoxy.git

decompress_iob(): Prevent reading of uninitialized data

Reported by: Joshua Rogers (Opera).
---

diff --git a/parsers.c b/parsers.c
index 999c715e..3197c4ff 100644
--- a/parsers.c
+++ b/parsers.c
@@ -608,6 +608,14 @@ jb_err decompress_iob(struct client_state *csp)
              * XXX: this code is untested and should probably be removed.
              */
             int skip_bytes;
+
+            if (cur + 2 >= csp->iob->eod)
+            {
+               log_error(LOG_LEVEL_ERROR,
+                  "gzip extra field flag set but insufficient data available.");
+               return JB_ERR_COMPRESS;
+            }
+
             skip_bytes = *cur++;
             skip_bytes += (unsigned char)*cur++ << 8;
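
Review bot: The added check at `if (cur + 2 >= csp->iob->eod)` only guarantees that the two length bytes read directly below it are inside the buffer; the code that then uses skip_bytes to advance cur is outside this hunk, so please confirm that the resulting skip_bytes is also validated against csp->iob->eod before cur is moved. Related, in the unchanged context line `skip_bytes = *cur++;` the low byte is read without the `(unsigned char)` cast that the high byte gets on the next line, so if cur points to plain char on a platform where char is signed, a low byte of 0x80 or above is sign-extended and subtracts from the length instead of adding to it. Casting both reads would make the length computation consistent. Since the comment above still says this path is untested, a regression test with a gzip header that sets the extra field flag and ends right after the fixed header would be a useful addition alongside this fix.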