From: Fabian Keil Date: Mon, 8 Feb 2021 09:59:23 +0000 (+0100) Subject: decompress_iob(): Don't advance cur past eod X-Git-Tag: v_3_0_32~29 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/faq/user-manual/static?a=commitdiff_plain;h=ebf8e996becaa6488e2d1e6073db0d3da5971beb;p=privoxy.git decompress_iob(): Don't advance cur past eod ... when looking for the end of the file name and comment. I could not come up with a test case where the previous behaviour resulted in reading of uninitialized data but advancing past eod still seems wrong. --- diff --git a/parsers.c b/parsers.c index f905c92a..999c715e 100644 --- a/parsers.c +++ b/parsers.c @@ -634,14 +634,14 @@ jb_err decompress_iob(struct client_state *csp) if (flags & GZIP_FLAG_FILE_NAME) { /* A null-terminated string is supposed to follow. */ - while (*cur++ && (cur < csp->iob->eod)); + while ((cur < csp->iob->eod) && *cur++); } /* Skip the comment if necessary. */ if (flags & GZIP_FLAG_COMMENT) { /* A null-terminated string is supposed to follow. */ - while (*cur++ && (cur < csp->iob->eod)); + while ((cur < csp->iob->eod) && *cur++); } /* Skip the CRC if necessary. */