[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 227/256: file_range: avoid integer overflow when fi
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 227/256: file_range: avoid integer overflow when figuring out byte range |
|
Date: |
Fri, 06 Oct 2017 19:45:18 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit afbdc96638a769d9bee8579d8b70f54537f5e891
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri Sep 22 14:24:39 2017 +0200
file_range: avoid integer overflow when figuring out byte range
When trying to bump the value with one and the value is already at max,
it causes an integer overflow.
Closes #1908
Detected by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465
Assisted-by: Max Dymond
---
lib/file.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/file.c b/lib/file.c
index 82c576f38..7cfdab19f 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -165,6 +165,9 @@ static CURLcode file_range(struct connectdata *conn)
else {
/* X-Y */
totalsize = to-from;
+ if(totalsize == CURL_OFF_T_MAX)
+ /* this is too big to increase, so bail out */
+ return CURLE_RANGE_ERROR;
data->req.maxdownload = totalsize + 1; /* include last byte */
data->state.resume_from = from;
DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 192/256: test1150: verify same host fetch using different ports over proxy, (continued)
- [GNUnet-SVN] [gnurl] 192/256: test1150: verify same host fetch using different ports over proxy, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 199/256: server/getpart: provide dummy function to build conversion enabled, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 230/256: RELEASE-NOTES: synced with d8ab5dc50, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 134/256: headers: move the global_sslset() proto from multi.h to curl.h, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 190/256: RELEASE-NOTES: synced with 87501e57f, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 252/256: idn: fix source code comment, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 135/256: lib: bump version info (soname). Adapt and reenable test 1135., gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 193/256: tests: add initial gssapi test using stub implementation, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 226/256: tests: fix a compiler warning in test 643, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 235/256: docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 227/256: file_range: avoid integer overflow when figuring out byte range,
gnunet <=
- [GNUnet-SVN] [gnurl] 218/256: form/mime: field names are not allowed to contain zero-valued bytes., gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 197/256: escape.c: error: pointer targets differ in signedness, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 243/256: TODO: remove deprecated form API items., gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 187/256: code style: use space after semicolon, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 182/256: checksrc: verify spaces around equals signs, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 209/256: ossfuzz: changes before merging the generated corpora, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 255/256: RELEASE-NOTES: curl 7.56.0, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 232/256: reuse_conn: don't copy flags that are known to be equal, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 186/256: checksrc: verify space after semicolons, gnunet, 2017/10/06
- [GNUnet-SVN] [gnurl] 231/256: curl.h: include <sys/select.h> on cygwin too, gnunet, 2017/10/06