[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 122/178: http2: get rid of another strstr()
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 122/178: http2: get rid of another strstr() |
|
Date: |
Wed, 23 May 2018 12:25:57 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 2ef1662e4bc20f1641bc678141c2df0e42e21e3f
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu Apr 26 10:41:21 2018 +0200
http2: get rid of another strstr()
Follow-up to 1514c44655e12e: replace another strstr() call done on a
buffer that might not be zero terminated - with a memchr() call, even if
we know the substring will be found.
Assisted-by: Max Dymond
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021
Closes #2534
---
lib/http2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/http2.c b/lib/http2.c
index 7dea16125..25d74c1a1 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1923,8 +1923,10 @@ static ssize_t http2_send(struct connectdata *conn, int
sockindex,
hdbuf = line_end + 2;
- line_end = strstr(hdbuf, "\r\n");
- if(line_end == hdbuf)
+ /* check for next CR, but only within the piece of data left in the given
+ buffer */
+ line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem));
+ if(!line_end || (line_end == hdbuf))
goto fail;
/* header continuation lines are not supported */
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 87/178: RELEASE-NOTES: synced, (continued)
- [GNUnet-SVN] [gnurl] 87/178: RELEASE-NOTES: synced, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 91/178: http2: handle on_begin_headers() called more than once, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 120/178: configure: provide --with-wolfssl as an alias for --with-cyassl, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 75/178: all: Refactor malloc+memset to use calloc, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 83/178: ntlm_sspi: fix authentication using Credential Manager, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 111/178: examples/sftpuploadresume: typecast fseek argument to long, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 95/178: openssl: fix subjectAltName check on non-ASCII platforms, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 117/178: cookies: ensure that we have cookies before writing jar, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 106/178: RELEASE-NOTES: synced, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 98/178: http2: handle GOAWAY properly, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 122/178: http2: get rid of another strstr(),
gnunet <=
- [GNUnet-SVN] [gnurl] 125/178: cookies: remove unused macro, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 94/178: openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 128/178: TODO: CLOEXEC, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 118/178: os400.c: fix ASSIGNWITHINCONDITION checksrc warnings, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 137/178: TODO: remove configure --disable-pthreads, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 148/178: transfer: don't unset writesockfd on setup of multiplexed conns, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 151/178: github/lock: auto-lock closed issues after 90 days of inactivity, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 154/178: RELEASE-NOTES: typo, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 144/178: configure: only check for CA bundle for file-using SSL backends, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 147/178: configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h, gnunet, 2018/05/23