[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 96/178: http2: avoid strstr() on data not zero term
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 96/178: http2: avoid strstr() on data not zero terminated |
|
Date: |
Wed, 23 May 2018 12:25:31 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 1514c44655e12e93e453bbc9e1934cf6d30d3817
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri Apr 20 16:32:46 2018 +0200
http2: avoid strstr() on data not zero terminated
It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.
Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.
Detected by OSS-Fuzz
Closes #2513
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
---
lib/http2.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/http2.c b/lib/http2.c
index e60ae247b..077c03e6f 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1851,8 +1851,11 @@ static ssize_t http2_send(struct connectdata *conn, int
sockindex,
return -1;
}
- /* Extract :method, :path from request line */
- line_end = strstr(hdbuf, "\r\n");
+ /* Extract :method, :path from request line
+ We do line endings with CRLF so checking for CR is enough */
+ line_end = memchr(hdbuf, '\r', len);
+ if(!line_end)
+ goto fail;
/* Method does not contain spaces */
end = memchr(hdbuf, ' ', line_end - hdbuf);
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 167/178: ntlm: Fix format specifiers, (continued)
- [GNUnet-SVN] [gnurl] 167/178: ntlm: Fix format specifiers, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 77/178: system.h: Add sparcv8plus to oracle/sunpro 32-bit detection, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 80/178: test1148: tolerate progress updates better, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 65/178: test1136: fix cookie order after commit c990eadd1277, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 84/178: schannel: add client certificate authentication, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 74/178: duphandle: make sure CURLOPT_RESOLVE is duplicated fine too, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 66/178: winbuild: updated the documentation, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 79/178: ssh: show libSSH2 error code when closing fails, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 92/178: detect_proxy: only show proxy use if it had contents, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 82/178: configure: keep LD_LIBRARY_PATH changes local, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 96/178: http2: avoid strstr() on data not zero terminated,
gnunet <=
- [GNUnet-SVN] [gnurl] 93/178: ftplistparser: keep state between invokes, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 112/178: examples/http2-upload: expand buffer to avoid silly warning, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 104/178: http2: convert an assert to run-time check, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 97/178: http2: clear the "drain counter" when a stream is closed, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 102/178: CURLOPT_SSLCERT.3: improve WinSSL-specific usage info, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 89/178: schannel: fix warning, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 109/178: Curl_memchr: zero length input can't match, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 101/178: schannel: fix build error on targets <= XP, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 121/178: cyassl: adapt to libraries without TLS 1.0 support built-in, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 123/178: http2: fix null pointer dereference in http2_connisdead, gnunet, 2018/05/23