[GNUnet-SVN] [gnurl] 169/208: http: fix response code parser to avoid integer overflow
From: gnunet
Date: Wed, 09 Aug 2017 17:36:06 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.55.0
in repository gnurl.
commit 909283ae5a057487265ce9d8b684cf01451d096a
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Jul 31 17:11:18 2017 +0200
http: fix response code parser to avoid integer overflow
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.
Closes #1714
Reported-by: Brian Carpenter
---
lib/http.c | 15 +++++++++++----
tests/data/test1429 | 2 +-
tests/data/test1433 | 20 ++++----------------
3 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/lib/http.c b/lib/http.c
index 319a8192c..d66b8482f 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3322,19 +3322,22 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
* says. We try to allow any number here, but we cannot make
* guarantees on future behaviors since it isn't within the protocol.
*/
+ char separator;
nc = sscanf(HEADER1,
- " HTTP/%d.%d %d",
+ " HTTP/%1d.%1d%c%3d",
&httpversion_major,
&conn->httpversion,
+ &separator,
&k->httpcode);
if(nc == 1 && httpversion_major == 2 &&
1 == sscanf(HEADER1, " HTTP/2 %d", &k->httpcode)) {
conn->httpversion = 0;
- nc = 3;
+ nc = 4;
+ separator = ' ';
}
- if(nc==3) {
+ if((nc==4) && (' ' == separator)) {
conn->httpversion += 10 * httpversion_major;
if(k->upgr101 == UPGR101_RECEIVED) {
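Review bot: The HTTP/2 fallback `1 == sscanf(HEADER1, " HTTP/2 %d", &k->httpcode)` still parses the status code with an unbounded `%d`, so a long digit run on an `HTTP/2` status line can overflow `k->httpcode` just as before this change; bound it the same way as the main format, for example `" HTTP/2 %3d"`. Separately, `%3d` in the new format accepts a sign and fewer than three digits, so a status such as `-12` still yields nc == 4 with a space separator; a range check on `k->httpcode` after the parse would close that.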
@@ -3343,7 +3346,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
infof(data, "Lying server, not serving HTTP/2\n");
}
}
- else {
+ else if(!nc) {
/* this is the real world, not a Nirvana
NCSA 1.5.x returns this crap when asked for HTTP/1.1
*/
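Review bot: `else if(!nc)` matches only a return of exactly 0, which leaves the handling of every other value implicit: partial matches (nc 1 to 3), nc == 4 with a non-space separator, and an EOF return from sscanf() all skip this fallback now. A short comment above the branch stating that only a line with no parsable `HTTP/` version reaches the NCSA handling, and that the remaining cases are errors, would make the intent clear; writing the test as `nc == 0` would also read more plainly next to `nc==4`.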
@@ -3361,6 +3364,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
}
}
}
+ else {
+ failf(data, "Unsupported HTTP version in response\n");
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
}
else if(conn->handler->protocol & CURLPROTO_RTSP) {
nc = sscanf(HEADER1,
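Review bot: The text in `failf(data, "Unsupported HTTP version in response\n")` is narrower than the conditions that lead to it: going by the earlier hunks, this `else` is also taken when the character after the version is not a space or when the status line is only partially parsed, not just for an unknown version. A message that says the status line is malformed, or separate messages per case, would make the failure easier to diagnose from logs.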
diff --git a/tests/data/test1429 b/tests/data/test1429
index ddf52ec42..114dc0dba 100644
--- a/tests/data/test1429
+++ b/tests/data/test1429
@@ -54,7 +54,7 @@ Content-Type: text/html
Funny-head: yesyes
-foo-
-1234
+123
</stdout>
<strip>
^User-Agent:.*
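Review bot: The expected `<stdout>` value changing from `1234` to `123` means the test now asserts that a four-digit status is cut to its first three digits and accepted, which is what `%3d` does, rather than rejected. If truncation is the intended behaviour, say so in the test description; otherwise the parser should fail when the status code is followed by another digit, and this test should expect an error.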
diff --git a/tests/data/test1433 b/tests/data/test1433
index 8634db2c4..a159daff3 100644
--- a/tests/data/test1433
+++ b/tests/data/test1433
@@ -34,28 +34,13 @@ http
HTTP GET with 100-digit subversion number in response
</name>
<command>
-http://%HOSTIP:%HTTPPORT/1433 --write-out '%{response_code}'
+http://%HOSTIP:%HTTPPORT/1433
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
-<stdout nonewline="yes">
-HTTP/1.0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
200 OK
-Date: Thu, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
-ETag: "21025-dc7-39462498"
-Accept-Ranges: bytes
-Content-Length: 6
-Connection: close
-Content-Type: text/html
-Funny-head: yesyes
-
--foo-
-200
-</stdout>
<strip>
^User-Agent:.*
</strip>
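Review bot: The `<name>` still reads "HTTP GET with 100-digit subversion number in response" although the `<stdout>` check and `--write-out '%{response_code}'` are removed and the test no longer verifies a successful transfer; update the name to say that such a response is expected to be rejected.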
@@ -65,5 +50,8 @@ Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
+<errorcode>
+1
+</errorcode>
</verify>
</testcase>
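Review bot: The bare `1` in `<errorcode>` gives no hint of which failure is expected; a comment in the `<verify>` section noting that it corresponds to the CURLE_UNSUPPORTED_PROTOCOL returned by the new branch in lib/http.c would tie the test to the code path it covers.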