projects
/
privoxy.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
contacting: Clarify that 'debug 32768' should be used in addition to the other debug...
[privoxy.git]
/
parsers.c
diff --git
a/parsers.c
b/parsers.c
index
0c99091
..
3197c4f
100644
(file)
--- a/
parsers.c
+++ b/
parsers.c
@@
-608,8
+608,16
@@
jb_err decompress_iob(struct client_state *csp)
* XXX: this code is untested and should probably be removed.
*/
int skip_bytes;
* XXX: this code is untested and should probably be removed.
*/
int skip_bytes;
+
+ if (cur + 2 >= csp->iob->eod)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "gzip extra field flag set but insufficient data available.");
+ return JB_ERR_COMPRESS;
+ }
+
skip_bytes = *cur++;
skip_bytes = *cur++;
- skip_bytes += *cur++ << 8;
+ skip_bytes +=
(unsigned char)
*cur++ << 8;
/*
* The number of bytes to skip should be positive
/*
* The number of bytes to skip should be positive
@@
-634,14
+642,14
@@
jb_err decompress_iob(struct client_state *csp)
if (flags & GZIP_FLAG_FILE_NAME)
{
/* A null-terminated string is supposed to follow. */
if (flags & GZIP_FLAG_FILE_NAME)
{
/* A null-terminated string is supposed to follow. */
- while (
*cur++ && (cur < csp->iob->eod)
);
+ while (
(cur < csp->iob->eod) && *cur++
);
}
/* Skip the comment if necessary. */
if (flags & GZIP_FLAG_COMMENT)
{
/* A null-terminated string is supposed to follow. */
}
/* Skip the comment if necessary. */
if (flags & GZIP_FLAG_COMMENT)
{
/* A null-terminated string is supposed to follow. */
- while (
*cur++ && (cur < csp->iob->eod)
);
+ while (
(cur < csp->iob->eod) && *cur++
);
}
/* Skip the CRC if necessary. */
}
/* Skip the CRC if necessary. */
@@
-778,8
+786,9
@@
jb_err decompress_iob(struct client_state *csp)
}
else
{
}
else
{
+#ifndef NDEBUG
char *oldnext_out = (char *)zstr.next_out;
char *oldnext_out = (char *)zstr.next_out;
-
+#endif
/*
* Update the fields for inflate() to use the new
* buffer, which may be in a location different from
/*
* Update the fields for inflate() to use the new
* buffer, which may be in a location different from