1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

Fixed a buffer overflow problem in Curl_proxyCONNECT that could occur

when a server responded with long headers and data.  Luckily, the buffer
overflowed into another unused buffer, so no actual harm was done.
Added test cases 1060 and 1061 to verify.
This commit is contained in:
Dan Fandrich 2008-08-12 20:07:52 +00:00
parent 58f7c82d52
commit 7eab7fa353
5 changed files with 1819 additions and 1 deletions

View File

@ -6,6 +6,12 @@
Changelog
Daniel Fandrich (12 Aug 2008)
- Fixed a buffer overflow problem in Curl_proxyCONNECT that could occur
when a server responded with long headers and data. Luckily, the buffer
overflowed into another unused buffer, so no actual harm was done.
Added test cases 1060 and 1061 to verify.
Daniel Stenberg (12 Aug 2008)
- Andy Tsouladze fixed runtests.pl to not attempt to execute the stunnel
_directory_ if that happened to appear in the path!

View File

@ -1474,6 +1474,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
case 0: /* timeout */
break;
default:
DEBUGASSERT(ptr+BUFSIZE-nread <= data->state.buffer+BUFSIZE+1);
res = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread, &gotbytes);
if(res< 0)
/* EWOULDBLOCK */
@ -1506,6 +1507,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
/* This means we are currently ignoring a response-body */
nread = 0; /* make next read start over in the read buffer */
ptr=data->state.buffer;
if(cl) {
/* A Content-Length based body: simply count down the counter
and make sure to break out of the loop when we're done! */
@ -1565,6 +1567,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
/* end of response-headers from the proxy */
nread = 0; /* make next read start over in the read
buffer */
ptr=data->state.buffer;
if((407 == k->httpcode) && !data->state.authproblem) {
/* If we get a 407 response code with content length
when we have no auth problem, we must ignore the

View File

@ -55,7 +55,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
test1033 test539 test1034 test1035 test1036 test1037 test1038 test1039 \
test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 \
test1048 test1049 test1050 test1051 test1052 test1053 test1054 test1055 \
test1056 test1057 test1058 test1059 test1062
test1056 test1057 test1058 test1059 test1060 test1061 test1062
filecheck:
@mkdir test-place; \

902
tests/data/test1060 Normal file

File diff suppressed because one or more lines are too long

907
tests/data/test1061 Normal file

File diff suppressed because one or more lines are too long