qulogic/pidgin

Gadu-Gadu: fix a possible HTTP Content-Length integer overflow (VRT-2013-1001)
release-2.x.y
2013-11-25, Tomasz Wasilczyk
ec15aa187aa0
Parents 2a77da513a03
Children 4c897372b5a4
Gadu-Gadu: fix a possible HTTP Content-Length integer overflow (VRT-2013-1001)
1 files changed, 7 insertions(+), 0 deletions(-)
  • +7 -0
    libpurple/protocols/gg/lib/http.c
    • --- a/libpurple/protocols/gg/lib/http.c Sat Nov 09 16:47:10 2013 -0500
    +++ b/libpurple/protocols/gg/lib/http.c Mon Nov 25 17:03:17 2013 +0100
    @@ -47,6 +47,8 @@
    #include <string.h>
    #include <unistd.h>
    +#define GG_HTTP_MAX_LENGTH 1000000000
    +
    /**
    * Rozpoczyna połączenie HTTP.
    *
    @@ -364,6 +366,11 @@
    h->body_size = left;
    }
    + if (h->body_size > GG_HTTP_MAX_LENGTH) {
    + gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
    + h->body_size = GG_HTTP_MAX_LENGTH;
    + }
    +
    if (left > h->body_size) {
    gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
    h->body_size = left;