From da6abc27330b160d5b7a4c6e455bbb349a7049db Mon Sep 17 00:00:00 2001
From: "nicolas.dufresne@gmail.com"
Date: Wed, 10 Oct 2012 16:14:27 +0000
Subject: Fix buffer overflow downloading large pac file
This fixes CVE CVE-2012-4504
git-svn-id: http://libproxy.googlecode.com/svn/trunk@853 c587cffe-e639-0410-9787-d7902ae8ed56
---
 libproxy/url.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libproxy/url.cpp b/libproxy/url.cpp
index d00adfd..dcebcde 100644
--- a/libproxy/url.cpp
+++ b/libproxy/url.cpp
@@ -474,9 +474,10 @@ char* url::get_pac() {
 // Add this chunk to our content length,
 // ensuring that we aren't over our max size
 content_length += chunk_length;
- if (content_length >= PAC_MAX_SIZE) break;
 }
+ if (content_length >= PAC_MAX_SIZE) break;
+
 while (recvd != content_length) {
 int r = recv(sock, buffer + recvd, content_length - recvd, 0);
 if (r < 0) break;
--
cgit v1.2.1
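Review bot: The receive loop below the relocated size check still treats only `r < 0` as a failure, so a peer that closes the connection before sending `content_length` bytes makes `recv` return 0 and, unless the part of the loop outside this hunk handles it, the loop never terminates; `if (r <= 0) break;` would cover both cases. The bound now guards the `buffer + recvd` write on the non-chunked path as well, but it relies on `content_length` being non-negative and on `content_length += chunk_length` not wrapping; the declarations are outside the hunk, so this is worth confirming. The comment `// ensuring that we aren't over our max size` now sits above code that no longer performs the check and should move down to the new `if (content_length >= PAC_MAX_SIZE) break;` line. The body of `url::get_pac()` starts and ends outside the hunk.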