projects
/
privoxy.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
2256d7b
)
chunked_body_is_complete(): Prevent invalid read of size two
author
Fabian Keil
<fk@fabiankeil.de>
Fri, 5 Feb 2021 04:06:56 +0000
(
05:06
+0100)
committer
Fabian Keil
<fk@fabiankeil.de>
Thu, 25 Feb 2021 14:03:59 +0000
(15:03 +0100)
OVE-
20210205
-0001.
Reported by: Joshua Rogers (Opera)
jcc.c
patch
|
blob
|
history
diff --git
a/jcc.c
b/jcc.c
index
bb6a8fa
..
12e7736
100644
(file)
--- a/
jcc.c
+++ b/
jcc.c
@@
-1503,6
+1503,12
@@
static enum chunk_status chunked_body_is_complete(struct iob *iob, size_t *lengt
/* Move beyond the chunkdata. */
p += 2 + chunksize;
+ /* Make sure we're still within the buffer and have two bytes left */
+ if (p + 2 > iob->eod)
+ {
+ return CHUNK_STATUS_MISSING_DATA;
+ }
+
/* There should be another "\r\n" to skip */
if (memcmp(p, "\r\n", 2))
{