Fix buffer overflow downloading large pac file

This fixes CVE CVE-2012-4504 git-svn-id: http://libproxy.googlecode.com/svn/trunk@853 c587cffe-e639-0410-9787-d7902ae8ed56
author: nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56> 2012-10-10 16:14:27 +0000
committer: nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56> 2012-10-10 16:14:27 +0000
commit: da6abc27330b160d5b7a4c6e455bbb349a7049db (patch)
tree: a7826045ff4ebc34c777ba9b78526d556c366eaf
parent: bbfab384761c6582c3622a16c22ba47c43748902 (diff)
download: libproxy-da6abc27330b160d5b7a4c6e455bbb349a7049db.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libproxy/url.cpp b/libproxy/url.cpp
index d00adfd..dcebcde 100644
--- a/libproxy/url.cpp
+++ b/libproxy/url.cpp
@@ -474,9 +474,10 @@ char* url::get_pac() {
 				// Add this chunk to our content length,
 				// ensuring that we aren't over our max size
 				content_length += chunk_length;
-				if (content_length >= PAC_MAX_SIZE) break;
 			}
 
+			if (content_length >= PAC_MAX_SIZE) break;
+
 			while (recvd != content_length) {
 				int r = recv(sock, buffer + recvd, content_length - recvd, 0);
 				if (r < 0) break;
author	nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56>	2012-10-10 16:14:27 +0000
committer	nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56>	2012-10-10 16:14:27 +0000
commit	da6abc27330b160d5b7a4c6e455bbb349a7049db (patch)
tree	a7826045ff4ebc34c777ba9b78526d556c366eaf
parent	bbfab384761c6582c3622a16c22ba47c43748902 (diff)
download	libproxy-da6abc27330b160d5b7a4c6e455bbb349a7049db.tar.gz