diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2014-01-16 23:07:54 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-01-17 08:37:44 +0100 |
| commit | 345891edba32312686e18d8ff185f4476b74e417 (patch) | |
| tree | cd7e6661dea2e54c5c633931b50b0d1197527bdb /lib/http_chunks.c | |
| parent | 821094ba728cb2778dd4ebad6ab1bb149504c73e (diff) | |
| download | curl-345891edba32312686e18d8ff185f4476b74e417.tar.gz | |
chunked-parser: abort on overflows, allow 64 bit chunks
Diffstat (limited to 'lib/http_chunks.c')
| -rw-r--r-- | lib/http_chunks.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/http_chunks.c b/lib/http_chunks.c index e9fddf588..236543211 100644 --- a/lib/http_chunks.c +++ b/lib/http_chunks.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,6 +31,7 @@ #include "http.h" #include "curl_memory.h" #include "non-ascii.h" /* for Curl_convert_to_network prototype */ +#include "strtoofft.h" #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> @@ -113,7 +114,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, struct Curl_chunker *ch = &conn->chunk; struct SingleRequest *k = &data->req; size_t piece; - size_t length = (size_t)datalen; + curl_off_t length = (curl_off_t)datalen; size_t *wrote = (size_t *)wrotep; *wrote = 0; /* nothing's written yet */ @@ -141,6 +142,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, } } else { + char *endptr; if(0 == ch->hexindex) { /* This is illegal data, we received junk where we expected a hexadecimal digit. */ @@ -155,10 +157,13 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, if(result) { /* Curl_convert_from_network calls failf if unsuccessful */ /* Treat it as a bad hex character */ - return(CHUNKE_ILLEGAL_HEX); + return CHUNKE_ILLEGAL_HEX ; } - ch->datasize=strtoul(ch->hexbuffer, NULL, 16); + ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16); + if(errno == ERANGE) + /* over or underflow is an error */ + return CHUNKE_ILLEGAL_HEX; ch->state = CHUNK_POSTHEX; } break; |