Gadu-Gadu: fix a possible HTTP Content-Length integer overflow (VRT-2013-1001) release-2.x.y
authorTomasz Wasilczyk <twasilczyk@pidgin.im>
Mon, 25 Nov 2013 17:03:17 +0100
branchrelease-2.x.y
changesetec15aa187aa0 pushlog
parent 2a77da513a03
child 4c897372b5a4
Gadu-Gadu: fix a possible HTTP Content-Length integer overflow (VRT-2013-1001)
libpurple/protocols/gg/lib/http.c
      1.1 --- a/libpurple/protocols/gg/lib/http.c
      1.2 +++ b/libpurple/protocols/gg/lib/http.c
      1.3 @@ -47,6 +47,8 @@
      1.4  #include <string.h>
      1.5  #include <unistd.h>
      1.6  
      1.7 +#define GG_HTTP_MAX_LENGTH 1000000000
      1.8 +
      1.9  /**
     1.10   * Rozpoczyna połączenie HTTP.
     1.11   *
     1.12 @@ -364,6 +366,11 @@
     1.13  				h->body_size = left;
     1.14  			}
     1.15  
     1.16 +			if (h->body_size > GG_HTTP_MAX_LENGTH) {
     1.17 +				gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
     1.18 +				h->body_size = GG_HTTP_MAX_LENGTH;
     1.19 +			}
     1.20 +
     1.21  			if (left > h->body_size) {
     1.22  				gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
     1.23  				h->body_size = left;