/pidgin/main: ec15aa187aa0: Gadu-Gadu: fix a possible HTTP Conte...

Tomasz Wasilczyk twasilczyk at pidgin.im
Tue Jan 28 10:38:09 EST 2014


Changeset: ec15aa187aa0d51faea8d13f38220ddd35c6251a
Author:	 Tomasz Wasilczyk <twasilczyk at pidgin.im>
Date:	 2013-11-25 17:03 +0100
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/ec15aa187aa0

Description:

Gadu-Gadu: fix a possible HTTP Content-Length integer overflow (VRT-2013-1001)

diffstat:

 libpurple/protocols/gg/lib/http.c |  7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diffs (24 lines):

diff --git a/libpurple/protocols/gg/lib/http.c b/libpurple/protocols/gg/lib/http.c
--- a/libpurple/protocols/gg/lib/http.c
+++ b/libpurple/protocols/gg/lib/http.c
@@ -47,6 +47,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#define GG_HTTP_MAX_LENGTH 1000000000
+
 /**
  * Rozpoczyna poÅ‚Ä
czenie HTTP.
  *
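Review bot: the new `#define GG_HTTP_MAX_LENGTH 1000000000` carries no comment stating its unit or why this value was chosen. Please add a one-line comment above it, for example that it is the maximum accepted HTTP body size in bytes, and, if the value was picked to stay inside the range of the length fields it is compared against, say so, so a later change to the limit does not reintroduce the overflow named in the commit message.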
@@ -364,6 +366,11 @@ int gg_http_watch_fd(struct gg_http *h)
 				h->body_size = left;
 			}
 
+			if (h->body_size > GG_HTTP_MAX_LENGTH) {
+				gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
+				h->body_size = GG_HTTP_MAX_LENGTH;
+			}
+
 			if (left > h->body_size) {
 				gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
 				h->body_size = left;
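Review bot: in the new `if (h->body_size > GG_HTTP_MAX_LENGTH)` branch the oversized value is clamped and processing continues, so a reply that declares more than the limit is handled from here on as if it had declared exactly GG_HTTP_MAX_LENGTH bytes. Consider failing the request at this point instead of clamping, or add a comment explaining why continuing with the clamped size is safe for the code that follows. The debug message also drops the offending value, unlike the "oversized reply" message just below, which logs both numbers; printing `h->body_size` with `%d` before the assignment would make this log line usable for triage.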


