From: Fabian Keil Date: Fri, 5 Feb 2021 04:06:56 +0000 (+0100) Subject: chunked_body_is_complete(): Prevent invalid read of size two X-Git-Tag: v_3_0_32~13 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/developer-manual/man-page/static/@user-manual@@actions-help-prefix@HANDLE-AS-EMPTY-DOCUMENT?a=commitdiff_plain;h=a912ba7bc9ce5855a810d09332e9d94566ce1521;p=privoxy.git chunked_body_is_complete(): Prevent invalid read of size two OVE-20210205-0001. Reported by: Joshua Rogers (Opera) --- diff --git a/jcc.c b/jcc.c index bb6a8fa4..12e77364 100644 --- a/jcc.c +++ b/jcc.c @@ -1503,6 +1503,12 @@ static enum chunk_status chunked_body_is_complete(struct iob *iob, size_t *lengt /* Move beyond the chunkdata. */ p += 2 + chunksize; + /* Make sure we're still within the buffer and have two bytes left */ + if (p + 2 > iob->eod) + { + return CHUNK_STATUS_MISSING_DATA; + } + /* There should be another "\r\n" to skip */ if (memcmp(p, "\r\n", 2)) {
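Review bot: the new bounds check in the jcc.c hunk runs only after `p += 2 + chunksize;`, so `p` has already been advanced before anything confirms that the chunk fits in the buffer. If `chunksize` is larger than the data remaining, that addition forms a pointer beyond `iob->eod`, and the following `p + 2 > iob->eod` then compares out-of-range pointers. With a sufficiently large `chunksize` the arithmetic can wrap, and the test can pass when it should fail. I would suggest checking the remaining length before moving `p`: compare `chunksize` plus the four bytes of framing (the two skipped here and the trailing "\r\n") against `iob->eod - p`, return `CHUNK_STATUS_MISSING_DATA` if it does not fit, and only then advance. That keeps the comparison in terms of sizes rather than pointers and still prevents the two-byte read in `memcmp(p, "\r\n", 2)` that the commit message describes. The comment "Make sure we're still within the buffer" would also be more accurate placed above such a pre-advance check, since at its current position `p` may already be outside the buffer.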