1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

chunked-parser: abort on overflows, allow 64 bit chunks

This commit is contained in:
Daniel Stenberg 2014-01-16 23:07:54 +01:00
parent 821094ba72
commit 345891edba
2 changed files with 11 additions and 6 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -31,6 +31,7 @@
#include "http.h" #include "http.h"
#include "curl_memory.h" #include "curl_memory.h"
#include "non-ascii.h" /* for Curl_convert_to_network prototype */ #include "non-ascii.h" /* for Curl_convert_to_network prototype */
#include "strtoofft.h"
#define _MPRINTF_REPLACE /* use our functions only */ #define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h> #include <curl/mprintf.h>
@ -113,7 +114,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
struct Curl_chunker *ch = &conn->chunk; struct Curl_chunker *ch = &conn->chunk;
struct SingleRequest *k = &data->req; struct SingleRequest *k = &data->req;
size_t piece; size_t piece;
size_t length = (size_t)datalen; curl_off_t length = (curl_off_t)datalen;
size_t *wrote = (size_t *)wrotep; size_t *wrote = (size_t *)wrotep;
*wrote = 0; /* nothing's written yet */ *wrote = 0; /* nothing's written yet */
@ -141,6 +142,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
} }
} }
else { else {
char *endptr;
if(0 == ch->hexindex) { if(0 == ch->hexindex) {
/* This is illegal data, we received junk where we expected /* This is illegal data, we received junk where we expected
a hexadecimal digit. */ a hexadecimal digit. */
@ -155,10 +157,13 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
if(result) { if(result) {
/* Curl_convert_from_network calls failf if unsuccessful */ /* Curl_convert_from_network calls failf if unsuccessful */
/* Treat it as a bad hex character */ /* Treat it as a bad hex character */
return(CHUNKE_ILLEGAL_HEX); return CHUNKE_ILLEGAL_HEX ;
} }
ch->datasize=strtoul(ch->hexbuffer, NULL, 16); ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16);
if(errno == ERANGE)
/* over or underflow is an error */
return CHUNKE_ILLEGAL_HEX;
ch->state = CHUNK_POSTHEX; ch->state = CHUNK_POSTHEX;
} }
break; break;

View File

@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -100,7 +100,7 @@ struct Curl_chunker {
char hexbuffer[ MAXNUM_SIZE + 1]; char hexbuffer[ MAXNUM_SIZE + 1];
int hexindex; int hexindex;
ChunkyState state; ChunkyState state;
size_t datasize; curl_off_t datasize;
size_t dataleft; /* untouched data amount at the end of the last buffer */ size_t dataleft; /* untouched data amount at the end of the last buffer */
}; };