mirror of
https://github.com/moparisthebest/curl
synced 2024-12-24 17:18:48 -05:00
http2: get rid of another strstr()
Follow-up to 1514c44655
: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.
Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
Closes #2534
This commit is contained in:
parent
3b41839e2e
commit
2ef1662e4b
@ -1923,8 +1923,10 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
|
|||||||
|
|
||||||
hdbuf = line_end + 2;
|
hdbuf = line_end + 2;
|
||||||
|
|
||||||
line_end = strstr(hdbuf, "\r\n");
|
/* check for next CR, but only within the piece of data left in the given
|
||||||
if(line_end == hdbuf)
|
buffer */
|
||||||
|
line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem));
|
||||||
|
if(!line_end || (line_end == hdbuf))
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
/* header continuation lines are not supported */
|
/* header continuation lines are not supported */
|
||||||
|
Loading…
Reference in New Issue
Block a user