From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 26 Dec 2011 17:02:24 +0000 (+0000)
Subject: Prevent an integer overflow in remove_chunked_transfer_coding() that would cause... 
X-Git-Tag: v_3_0_19~12
X-Git-Url: http://www.privoxy.org/gitweb/?a=commitdiff_plain;h=9878dd31e60de2120c7cd4f968c19e47e575151e;hp=9878dd31e60de2120c7cd4f968c19e47e575151e;p=privoxy.git

Prevent an integer overflow in remove_chunked_transfer_coding() that would cause a segfault

It could be triggered by malicious web servers if Privoxy was
configured to filter the response and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems.

On those platforms, all Privoxy versions before 3.0.19 appear
to be affected. Releases before 2.9.14 don't really count, though,
as they don't even try to sanity check the chunk size and thus
have bigger issues.

To be on the safe side, this bug should be presumed to allow
code execution as proving that it doesn't seems unrealistic.
---