[GNUnet-SVN] [gnurl] 42/173: http2_send: avoid unsigned integer wrap aro

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 42/173: http2_send: avoid unsigned integer wrap aro

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 42/173: http2_send: avoid unsigned integer wrap around
Date:	Fri, 24 Feb 2017 14:01:04 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.

commit c6778aa46a8e8d27b40692a89f1d3be0e2614abb
Author: Daniel Stenberg <address@hidden>
AuthorDate: Wed Jan 11 12:15:37 2017 +0100

    http2_send: avoid unsigned integer wrap around
    
    ... when checking for a too large request.
---
 lib/http2.c | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/lib/http2.c b/lib/http2.c
index 4cc17ba2b..9088f4dff 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1862,28 +1862,22 @@ static ssize_t http2_send(struct connectdata *conn, int 
sockindex,
 
   /* Warn stream may be rejected if cumulative length of headers is too large.
      It appears nghttp2 will not send a header frame larger than 64KB. */
+#define MAX_ACC 60000  /* <64KB to account for some overhead */
   {
     size_t acc = 0;
-    const size_t max_acc = 60000;  /* <64KB to account for some overhead */
 
     for(i = 0; i < nheader; ++i) {
-      if(nva[i].namelen > max_acc - acc)
-        break;
-      acc += nva[i].namelen;
-
-      if(nva[i].valuelen > max_acc - acc)
-        break;
-      acc += nva[i].valuelen;
+      acc += nva[i].namelen + nva[i].valuelen;
 
       DEBUGF(infof(conn->data, "h2 header: %.*s:%.*s\n",
                    nva[i].namelen, nva[i].name,
                    nva[i].valuelen, nva[i].value));
     }
 
-    if(i != nheader) {
+    if(acc > MAX_ACC) {
       infof(conn->data, "http2_send: Warning: The cumulative length of all "
-                        "headers exceeds %zu bytes and that could cause the "
-                        "stream to be rejected.\n", max_acc);
+            "headers exceeds %zu bytes and that could cause the "
+            "stream to be rejected.\n", MAX_ACC);
     }
   }
 

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 39/173: RELEASE-NOTES: synced with a41e8592d6b3e58, (continued)
- [GNUnet-SVN] [gnurl] 39/173: RELEASE-NOTES: synced with a41e8592d6b3e58, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 13/173: docs/ciphers: link to our own new page about ciphers, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 31/173: wolfssl: display negotiated SSL version and cipher, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 28/173: TheArtOfHttpScripting: grammar, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 22/173: tool_operate: Fix --remote-time incorrect times on Windows, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 19/173: cmake: use crypt32.lib when building with OpenSSL on windows, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 26/173: docs/libcurl: TCP_KEEPALIVE start and interval default to 60, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 20/173: curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 53/173: IDN: Fix compile time detection of linidn2 TR46, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 58/173: curl: reset the easy handle at --next, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 42/173: http2_send: avoid unsigned integer wrap around, gnunet <=
- [GNUnet-SVN] [gnurl] 69/173: http: print correct HTTP string in verbose output when using HTTP/2, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 43/173: smtp: Fix STARTTLS denied error message, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 36/173: lib506: fix build for Open Watcom, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 38/173: examples: make the C++ examples follow our code style too, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 49/173: IDN: Use TR46 'transitional' for toASCII translations, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 62/173: RELEASE-NOTES: synced with a7c73ae309c, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 25/173: curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 41/173: cmake: Fix passing _WINSOCKAPI_ macro to compiler, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 54/173: IDN: revert use of the transitional option, gnunet, 2017/02/24
- [GNUnet-SVN] [gnurl] 52/173: url: --noproxy option overrides NO_PROXY environment variable, gnunet, 2017/02/24

Prev by Date: [GNUnet-SVN] [gnurl] 58/173: curl: reset the easy handle at --next
Next by Date: [GNUnet-SVN] [gnurl] 69/173: http: print correct HTTP string in verbose output when using HTTP/2
Previous by thread: [GNUnet-SVN] [gnurl] 58/173: curl: reset the easy handle at --next
Next by thread: [GNUnet-SVN] [gnurl] 69/173: http: print correct HTTP string in verbose output when using HTTP/2
Index(es):
- Date
- Thread