1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 09:08:49 -05:00

http2: get rid of another strstr()

Follow-up to 1514c44655: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.

Assisted-by: Max Dymond

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021

Closes #2534
This commit is contained in:
Daniel Stenberg 2018-04-26 10:41:21 +02:00
parent 3b41839e2e
commit 2ef1662e4b
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -1923,8 +1923,10 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
hdbuf = line_end + 2;
line_end = strstr(hdbuf, "\r\n");
if(line_end == hdbuf)
/* check for next CR, but only within the piece of data left in the given
buffer */
line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem));
if(!line_end || (line_end == hdbuf))
goto fail;
/* header continuation lines are not supported */