Fixed a buffer overflow problem in Curl_proxyCONNECT that could occur
when a server responded with long headers and data. Luckily, the buffer overflowed into another unused buffer, so no actual harm was done. Added test cases 1060 and 1061 to verify.
parent
58f7c82d52
commit
7eab7fa353
6
CHANGES
6
CHANGES
@ -6,6 +6,12 @@
|
||||
|
||||
Changelog
|
||||
|
||||
Daniel Fandrich (12 Aug 2008)
|
||||
- Fixed a buffer overflow problem in Curl_proxyCONNECT that could occur
|
||||
when a server responded with long headers and data. Luckily, the buffer
|
||||
overflowed into another unused buffer, so no actual harm was done.
|
||||
Added test cases 1060 and 1061 to verify.
|
||||
|
||||
Daniel Stenberg (12 Aug 2008)
|
||||
- Andy Tsouladze fixed runtests.pl to not attempt to execute the stunnel
|
||||
_directory_ if that happened to appear in the path!
|
||||
|
@ -1474,6 +1474,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
|
||||
case 0: /* timeout */
|
||||
break;
|
||||
default:
|
||||
DEBUGASSERT(ptr+BUFSIZE-nread <= data->state.buffer+BUFSIZE+1);
|
||||
res = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread, &gotbytes);
|
||||
if(res< 0)
|
||||
/* EWOULDBLOCK */
|
||||
@ -1506,6 +1507,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
|
||||
/* This means we are currently ignoring a response-body */
|
||||
|
||||
nread = 0; /* make next read start over in the read buffer */
|
||||
ptr=data->state.buffer;
|
||||
if(cl) {
|
||||
/* A Content-Length based body: simply count down the counter
|
||||
and make sure to break out of the loop when we're done! */
|
||||
@ -1565,6 +1567,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
|
||||
/* end of response-headers from the proxy */
|
||||
nread = 0; /* make next read start over in the read
|
||||
buffer */
|
||||
ptr=data->state.buffer;
|
||||
if((407 == k->httpcode) && !data->state.authproblem) {
|
||||
/* If we get a 407 response code with content length
|
||||
when we have no auth problem, we must ignore the
|
||||
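Review bot: The write at `res = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread, &gotbytes);` in the first hunk is in bounds only while `ptr` and `nread` stay in step, and that pairing is still maintained by hand at every `nread = 0;` site; the `ptr=data->state.buffer;` lines in the second and third hunks look like the resets this commit adds, though the +/- markers are lost on this page. The `DEBUGASSERT` presumably compiles out of non-debug builds, so a later reset that forgets `ptr` would again pass a length larger than the space left behind `ptr`, with nothing to catch it in release builds. I would document the invariant next to the assert, e.g. `/* ptr must never be further into state.buffer than nread bytes */`, and, if `ptr` is always meant to equal `data->state.buffer + nread` at this point (not verifiable from the visible lines), derive it immediately before the read instead of resetting it in several places. The `+1` in the assert bound presumably mirrors a buffer declared with `BUFSIZE+1` bytes; that declaration is outside these hunks and worth confirming, since otherwise the assert tolerates a one-byte overrun. The body of `Curl_proxyCONNECT` starts and ends outside the hunks shown.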
|
@ -55,7 +55,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
|
||||
test1033 test539 test1034 test1035 test1036 test1037 test1038 test1039 \
|
||||
test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 \
|
||||
test1048 test1049 test1050 test1051 test1052 test1053 test1054 test1055 \
|
||||
test1056 test1057 test1058 test1059 test1062
|
||||
test1056 test1057 test1058 test1059 test1060 test1061 test1062
|
||||
|
||||
filecheck:
|
||||
@mkdir test-place; \
|
||||
|
902
tests/data/test1060
Normal file
902
tests/data/test1060
Normal file
File diff suppressed because one or more lines are too long
907
tests/data/test1061
Normal file
907
tests/data/test1061
Normal file
File diff suppressed because one or more lines are too long