projects
/
privoxy.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
configure: Bump SOURCE_DATE_EPOCH
[privoxy.git]
/
parsers.c
diff --git
a/parsers.c
b/parsers.c
index
f905c92
..
3197c4f
100644
(file)
--- a/
parsers.c
+++ b/
parsers.c
@@
-608,6
+608,14
@@
jb_err decompress_iob(struct client_state *csp)
* XXX: this code is untested and should probably be removed.
*/
int skip_bytes;
* XXX: this code is untested and should probably be removed.
*/
int skip_bytes;
+
+ if (cur + 2 >= csp->iob->eod)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "gzip extra field flag set but insufficient data available.");
+ return JB_ERR_COMPRESS;
+ }
+
skip_bytes = *cur++;
skip_bytes += (unsigned char)*cur++ << 8;
skip_bytes = *cur++;
skip_bytes += (unsigned char)*cur++ << 8;
@@
-634,14
+642,14
@@
jb_err decompress_iob(struct client_state *csp)
if (flags & GZIP_FLAG_FILE_NAME)
{
/* A null-terminated string is supposed to follow. */
if (flags & GZIP_FLAG_FILE_NAME)
{
/* A null-terminated string is supposed to follow. */
- while (
*cur++ && (cur < csp->iob->eod)
);
+ while (
(cur < csp->iob->eod) && *cur++
);
}
/* Skip the comment if necessary. */
if (flags & GZIP_FLAG_COMMENT)
{
/* A null-terminated string is supposed to follow. */
}
/* Skip the comment if necessary. */
if (flags & GZIP_FLAG_COMMENT)
{
/* A null-terminated string is supposed to follow. */
- while (
*cur++ && (cur < csp->iob->eod)
);
+ while (
(cur < csp->iob->eod) && *cur++
);
}
/* Skip the CRC if necessary. */
}
/* Skip the CRC if necessary. */