X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=parsers.c;h=3197c4ff6644c77e7d9c89a78a9b13e29f06da01;hb=a73211c9faec89dbaeb1b6c5c0b660c077aa1ca3;hp=086640931a11983b8032aa12ba6d4360b67165cd;hpb=fc24c11368a2447c2e7f874e41518fc28f7a53c1;p=privoxy.git diff --git a/parsers.c b/parsers.c index 08664093..3197c4ff 100644 --- a/parsers.c +++ b/parsers.c @@ -608,8 +608,16 @@ jb_err decompress_iob(struct client_state *csp) * XXX: this code is untested and should probably be removed. */ int skip_bytes; + + if (cur + 2 >= csp->iob->eod) + { + log_error(LOG_LEVEL_ERROR, + "gzip extra field flag set but insufficient data available."); + return JB_ERR_COMPRESS; + } + skip_bytes = *cur++; - skip_bytes += *cur++ << 8; + skip_bytes += (unsigned char)*cur++ << 8; /* * The number of bytes to skip should be positive @@ -634,14 +642,14 @@ jb_err decompress_iob(struct client_state *csp) if (flags & GZIP_FLAG_FILE_NAME) { /* A null-terminated string is supposed to follow. */ - while (*cur++ && (cur < csp->iob->eod)); + while ((cur < csp->iob->eod) && *cur++); } /* Skip the comment if necessary. */ if (flags & GZIP_FLAG_COMMENT) { /* A null-terminated string is supposed to follow. */ - while (*cur++ && (cur < csp->iob->eod)); + while ((cur < csp->iob->eod) && *cur++); } /* Skip the CRC if necessary. */ @@ -709,7 +717,7 @@ jb_err decompress_iob(struct client_state *csp) /* * Next, we allocate new storage for the inflated data. * We don't modify the existing iob yet, so in case there - * is error in decompression we can recover gracefully. + * is an error in decompression we can recover gracefully. */ buf = zalloc(bufsize); if (NULL == buf) @@ -778,8 +786,9 @@ jb_err decompress_iob(struct client_state *csp) } else { +#ifndef NDEBUG char *oldnext_out = (char *)zstr.next_out; - +#endif /* * Update the fields for inflate() to use the new * buffer, which may be in a location different from