Re: [Bug-wget] [PATCH 21/25] Bugfix: Detect malformed base64 Metalink/HT
From: Giuseppe Scrivano
Subject: Re: [Bug-wget] [PATCH 21/25] Bugfix: Detect malformed base64 Metalink/HTTP Digest header
Date: Sun, 11 Sep 2016 23:41:03 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
Hi Matthew,
Matthew White <address@hidden> writes:
> [Coverity Scan is ok, make syntax-check is ok, make check-valgrind is ok,
> contrib/check-hard is ok]
>
> Before this patch, a malformed base64 Metalink/HTTP Digest header was causing
> a memory exhaustion.
>
> This introduces the ability to properly detect and discard a malformed base64
> Metalink/HTTP Digest header.
>
> The following description is verbatim from the patch:
> -----
> On malformed base64 input, ssize_t base64_decode() returns -1. Such
> value is too big for a size_t variable, and used as xmalloc() value
> will exhaust all the memory.
> -----
>
> Regards,
> Matthew
>
> --
> Matthew White <address@hidden>
>
> From 4353ce34fa71c7684ad7ccee4ccf0cecc424c878 Mon Sep 17 00:00:00 2001
> From: Matthew White <address@hidden>
> Date: Sat, 27 Aug 2016 20:28:42 +0200
> Subject: [PATCH 21/25] Bugfix: Detect malformed base64 Metalink/HTTP Digest
> header
>
> * src/http.c (metalink_from_http): Fix hash_bin_len type. Use ssize_t
> instead of size_t. Reject -1 as base64_decode() return value
> * testenv/Makefile.am: Add new file
> * testenv/Test-metalink-http-baddigest.py: New file. Metalink/HTTP
> malformed base64 Digest header tests
>
> On malformed base64 input, ssize_t base64_decode() returns -1. Such
> value is too big for a size_t variable, and used as xmalloc() value
> will exhaust all the memory.
> ---
> src/http.c | 14 +++--
> testenv/Makefile.am | 1 +
> testenv/Test-metalink-http-baddigest.py | 94
> +++++++++++++++++++++++++++++++++
> 3 files changed, 106 insertions(+), 3 deletions(-)
> create mode 100755 testenv/Test-metalink-http-baddigest.py
ACK
Giuseppe
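
The failure mode described in the quoted commit message, as an added C example that is not part of the original thread and not wget's source. `demo_base64_decode`, `request_unchecked`, `request_checked` and the sample inputs are constructed for illustration; only the name `hash_bin_len` and the "-1 on malformed input" convention come from the patch description.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h> /* ssize_t */
static unsigned char bin[64]; /* scratch buffer for the decoded digest */

/* Stand-in decoder (not wget's): decoded length, or -1 on malformed input. */
static ssize_t demo_base64_decode(const char *in, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t len = strlen(in), n = 0;
    if (len == 0 || len % 4 != 0 || len / 4 * 3 > cap) return -1;
    for (size_t i = 0; i < len; i += 4) {
        unsigned long acc = 0;
        int pad = 0;
        for (int j = 0; j < 4; j++) {
            const char *p = strchr(tbl, in[i + j]);
            if (in[i + j] == '=' && i + 4 == len && j >= 2) pad++;
            else if (p == NULL || pad) return -1;
            acc = (acc << 6) | (unsigned long)(pad ? 0 : p - tbl);
        }
        out[n++] = (unsigned char)(acc >> 16);
        if (pad < 2) out[n++] = (unsigned char)(acc >> 8);
        if (pad < 1) out[n++] = (unsigned char)acc;
    }
    return (ssize_t)n;
}

/* Pre-patch pattern: a size_t receives the result, so -1 becomes SIZE_MAX. */
static size_t request_unchecked(const char *b64)
{
    size_t hash_bin_len = (size_t)demo_base64_decode(b64, bin, sizeof bin);
    return hash_bin_len; /* the size an allocator would then be asked for */
}

/* Patched pattern: keep ssize_t and reject a negative result. */
static int request_checked(const char *b64, size_t *req)
{
    ssize_t hash_bin_len = demo_base64_decode(b64, bin, sizeof bin);
    if (hash_bin_len < 0) return -1; /* malformed: discard this Digest header */
    *req = (size_t)hash_bin_len;
    return 0;
}

int main(void)
{
    size_t req = 0;
    printf("%zu %d\n", request_unchecked("!!!!"), request_checked("!!!!", &req));
}
```

The unchecked variant only returns the size it would request; it never allocates, so the example is safe to run.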