Gadu-Gadu: fix a possible HTTP Content-Length integer overflow (VRT-2013-1001) release-2.x.y
authorTomasz Wasilczyk <twasilczyk@pidgin.im>
Mon, 25 Nov 2013 17:03:17 +0100
branchrelease-2.x.y
changesetec15aa187aa0 pushlog
parent 2a77da513a03
child 4c897372b5a4
Gadu-Gadu: fix a possible HTTP Content-Length integer overflow (VRT-2013-1001)
libpurple/protocols/gg/lib/http.c
     1.1 --- a/libpurple/protocols/gg/lib/http.c
     1.2 +++ b/libpurple/protocols/gg/lib/http.c
     1.3 @@ -47,6 +47,8 @@
     1.4  #include <string.h>
     1.5  #include <unistd.h>
     1.6  
     1.7 +#define GG_HTTP_MAX_LENGTH 1000000000
     1.8 +
     1.9  /**
    1.10   * Rozpoczyna połączenie HTTP.
    1.11   *
    1.12 @@ -364,6 +366,11 @@
    1.13  				h->body_size = left;
    1.14  			}
    1.15  
    1.16 +			if (h->body_size > GG_HTTP_MAX_LENGTH) {
    1.17 +				gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
    1.18 +				h->body_size = GG_HTTP_MAX_LENGTH;
    1.19 +			}
    1.20 +
    1.21  			if (left > h->body_size) {
    1.22  				gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
    1.23  				h->body_size = left;