moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

imap: if a FETCH response has no size, don't call write callback

Browse Source 
CVE-2017-1000257

Reported-by: Brian Carpenter and 0xd34db347
Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
This commit is contained in:
Daniel Stenberg 2017-10-07 00:11:31 +02:00
parent 769647e714
commit 13c9a9ded3
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/imap.c
View File

@ -1126,6 +1126,11 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
/* The conversion from curl_off_t to size_t is always fine here */
chunk = (size_t)size;
if(!chunk) {
/* no size, we're done with the data */
state(conn, IMAP_STOP);
return CURLE_OK;
}
result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk);
if(result)
return result;