X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=parsers.c;h=1cb46dfeb5d928087c27599f3057b6294843a40d;hp=086640931a11983b8032aa12ba6d4360b67165cd;hb=efb65aac49827c59e9341013da4c0a3676b946f4;hpb=fc24c11368a2447c2e7f874e41518fc28f7a53c1

diff --git a/parsers.c b/parsers.c
index 08664093..1cb46dfe 100644
--- a/parsers.c
+++ b/parsers.c
@@ -608,8 +608,16 @@ jb_err decompress_iob(struct client_state *csp)
              * XXX: this code is untested and should probably be removed.
              */
             int skip_bytes;
+
+            if (cur + 2 >= csp->iob->eod)
+            {
+               log_error(LOG_LEVEL_ERROR,
+                  "gzip extra field flag set but insufficient data available.");
+               return JB_ERR_COMPRESS;
+            }
+
             skip_bytes = *cur++;
-            skip_bytes += *cur++ << 8;
+            skip_bytes += (unsigned char)*cur++ << 8;
 
             /*
              * The number of bytes to skip should be positive
@@ -634,14 +642,14 @@ jb_err decompress_iob(struct client_state *csp)
          if (flags & GZIP_FLAG_FILE_NAME)
          {
             /* A null-terminated string is supposed to follow. */
-            while (*cur++ && (cur < csp->iob->eod));
+            while ((cur < csp->iob->eod) && *cur++);
          }
 
          /* Skip the comment if necessary. */
          if (flags & GZIP_FLAG_COMMENT)
          {
             /* A null-terminated string is supposed to follow. */
-            while (*cur++ && (cur < csp->iob->eod));
+            while ((cur < csp->iob->eod) && *cur++);
          }
 
          /* Skip the CRC if necessary. */
@@ -709,7 +717,7 @@ jb_err decompress_iob(struct client_state *csp)
    /*
     * Next, we allocate new storage for the inflated data.
     * We don't modify the existing iob yet, so in case there
-    * is error in decompression we can recover gracefully.
+    * is an error in decompression we can recover gracefully.
     */
    buf = zalloc(bufsize);
    if (NULL == buf)
@@ -778,8 +786,9 @@ jb_err decompress_iob(struct client_state *csp)
       }
       else
       {
+#ifndef NDEBUG
          char *oldnext_out = (char *)zstr.next_out;
-
+#endif
          /*
           * Update the fields for inflate() to use the new
           * buffer, which may be in a location different from
@@ -1292,6 +1301,17 @@ jb_err sed(struct client_state *csp, int filter_server_headers)
       v++;
    }
 
+   if (filter_server_headers &&
+      (csp->flags & CSP_FLAG_SERVER_CONTENT_LENGTH_SET) &&
+      (csp->flags & CSP_FLAG_CHUNKED))
+   {
+      /* RFC 2616 4.4 3 */
+      log_error(LOG_LEVEL_HEADER, "Ignoring the Content-Length header "
+         "sent by the server as the response is chunk-encoded.");
+      csp->flags &= ~CSP_FLAG_CONTENT_LENGTH_SET;
+      csp->expected_content_length = 0;
+   }
+
    /* place additional headers on the csp->headers list */
    while ((err == JB_ERR_OK) && (*f))
    {
@@ -4608,7 +4628,10 @@ static jb_err parse_time_header(const char *header, time_t *result)
     * through sed() which requires a header name followed by
     * a colon.
     */
-   assert(header_time != NULL);
+   if (header_time == NULL)
+   {
+      return JB_ERR_PARSE;
+   }
 
    header_time++;
    if (*header_time == ' ')