mirror of
https://github.com/moparisthebest/curl
synced 2025-01-12 14:38:31 -05:00
http2: avoid strstr() on data not zero terminated
It's not strictly clear if the API contract allows us to call strstr() on a string that isn't zero terminated even when we know it will find the substring, and clang's ASAN check dislikes us for it. Also added a check of the return code in case it fails, even if I can't think of a situation how that can trigger. Detected by OSS-Fuzz Closes #2513 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
This commit is contained in:
parent
b0a50227c0
commit
1514c44655
@ -1851,8 +1851,11 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Extract :method, :path from request line */
|
/* Extract :method, :path from request line
|
||||||
line_end = strstr(hdbuf, "\r\n");
|
We do line endings with CRLF so checking for CR is enough */
|
||||||
|
line_end = memchr(hdbuf, '\r', len);
|
||||||
|
if(!line_end)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
/* Method does not contain spaces */
|
/* Method does not contain spaces */
|
||||||
end = memchr(hdbuf, ' ', line_end - hdbuf);
|
end = memchr(hdbuf, ' ', line_end - hdbuf);
|
||||||
|
Loading…
Reference in New Issue
Block a user