From: Fabian Keil Date: Wed, 31 Mar 2021 10:14:36 +0000 (+0200) Subject: remove_chunked_transfer_coding(): Refuse to de-chunk invalid data X-Git-Tag: v_3_0_34~117 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=a123fb5113d6816320488f3239b6ae48b489ee9c;ds=sidebyside remove_chunked_transfer_coding(): Refuse to de-chunk invalid data Previously the data could get corrupted even further. Now we simply pass the unmodified data to the client.
---
diff --git a/filters.c b/filters.c
index baaaea5f..21ee44d5 100644
--- a/filters.c
+++ b/filters.c
@@ -2317,6 +2317,18 @@ static jb_err remove_chunked_transfer_coding(char *buffer, size_t *size)
 assert(buffer);
 from_p = to_p = buffer;
+#ifndef FUZZ
+ /*
+ * Refuse to de-chunk invalid or incomplete data unless we're fuzzing.
+ */
+ if (!chunked_data_is_complete(buffer, *size, 0))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Chunk-encoding appears to be invalid. Content can't be filtered.");
+ return JB_ERR_PARSE;
+ }
+#endif
+
 if (sscanf(buffer, "%x", &chunksize) != 1)
 {
 log_error(LOG_LEVEL_ERROR, "Invalid first chunksize while stripping \"chunked\" transfer coding");
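Review bot: The new early return before the first `sscanf` makes content filtering fail open, and the comment above the check does not say so. Going by the commit message, a body that fails `chunked_data_is_complete()` is handed to the client unmodified, so the filters are skipped for that response and the single `LOG_LEVEL_ERROR` line is the only trace. I would extend the comment with something like `Returning JB_ERR_PARSE means the caller delivers the body unfiltered.` (the caller is not visible here, so confirm), and have the log text say "invalid or incomplete" to match the comment. Because the guard is compiled out under `FUZZ`, the de-chunking code below it must remain safe on malformed input on its own, and the bare `0` passed as the third argument deserves a word on what it stands for. The body of remove_chunked_transfer_coding() starts and ends outside this hunk.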