mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
cookie: replace use of fgets() with custom version
... that will ignore lines that are too long to fit in the buffer. CVE-2016-8615 Bug: https://curl.haxx.se/docs/adv_20161102A.html Reported-by: Cure53
This commit is contained in:
parent
811a693b80
commit
cff89bc088
31
lib/cookie.c
31
lib/cookie.c
@ -902,6 +902,35 @@ Curl_cookie_add(struct Curl_easy *data,
|
||||
return co;
|
||||
}
|
||||
|
||||
/*
|
||||
* get_line() makes sure to only return complete whole lines that fit in 'len'
|
||||
* bytes and end with a newline.
|
||||
*/
|
||||
static char *get_line(char *buf, int len, FILE *input)
|
||||
{
|
||||
bool partial = FALSE;
|
||||
while(1) {
|
||||
char *b = fgets(buf, len, input);
|
||||
if(b) {
|
||||
size_t rlen = strlen(b);
|
||||
if(rlen && (b[rlen-1] == '\n')) {
|
||||
if(partial) {
|
||||
partial = FALSE;
|
||||
continue;
|
||||
}
|
||||
return b;
|
||||
}
|
||||
else
|
||||
/* read a partial, discard the next piece that ends with newline */
|
||||
partial = TRUE;
|
||||
}
|
||||
else
|
||||
break;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/*****************************************************************************
|
||||
*
|
||||
* Curl_cookie_init()
|
||||
@ -958,7 +987,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
|
||||
line = malloc(MAX_COOKIE_LINE);
|
||||
if(!line)
|
||||
goto fail;
|
||||
while(fgets(line, MAX_COOKIE_LINE, fp)) {
|
||||
while(get_line(line, MAX_COOKIE_LINE, fp)) {
|
||||
if(checkprefix("Set-Cookie:", line)) {
|
||||
/* This is a cookie line, get it! */
|
||||
lineptr=&line[11];
|
||||
|
Loading…
Reference in New Issue
Block a user