HGKeeper

c9e5aba2dafd

Correct HTTP chunked transfers code (not fixed in rev ebe3fb4a3bc2)

+5 -2

~~--- a/libpurple/util.c Fri Jul 05 12:14:21 2013 +0200~~

+++ b/libpurple/util.c Tue Aug 20 17:36:14 2013 +0200

@@ -37,6 +37,8 @@

specified a length) */

#define DEFAULT_MAX_HTTP_DOWNLOAD (512 * 1024)

+#define MAX_HTTP_CHUNK_SIZE (10 * 1024 * 1024)

+

struct _PurpleUtilFetchUrlData

{

PurpleUtilFetchUrlCallback callback;

@@ -3781,11 +3783,12 @@

break;

s += 2;

~~- if (s + sz > data + *len) {~~

+ if (sz > MAX_HTTP_CHUNK_SIZE || s + sz > data + *len) {

purple_debug_error("util", "Error processing chunked data: "

"Chunk size %" G_GSIZE_FORMAT " bytes was longer "

"than the data remaining in the buffer (%"

G_GSIZE_FORMAT " bytes)\n", sz, data + *len - s);

+ break;

}

/* Move all data overtop of the chunk length that we read in earlier */

@@ -3793,7 +3796,7 @@

p += sz;

s += sz;

newlen += sz;

~~- if (*s != '\r' && *(s + 1) != '\n') {~~

+ if (*s == '\0' || (*s != '\r' && *(s + 1) != '\n')) {

purple_debug_error("util", "Error processing chunked data: "

"Expected \\r\\n, found: %s\n", s);

break;