[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] branch master updated (c3ea38eb -> 8d9eb70d)
|
From: |
gnunet |
|
Subject: |
[libmicrohttpd] branch master updated (c3ea38eb -> 8d9eb70d) |
|
Date: |
Sun, 29 May 2022 20:36:07 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a change to branch master
in repository libmicrohttpd.
from c3ea38eb configure: do not use -Wno-reserved-macro-identifier
new 3a97a11f .gitignore: Updated
new 018e77a4 MHD_str_remove_token_caseless_(): added check, muted compiler
warnings
new 8d9eb70d response.c: better handle broken situation
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/microhttpd/mhd_str.c | 14 ++++++++++----
src/microhttpd/response.c | 6 +++++-
src/testcurl/.gitignore | 2 ++
3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/microhttpd/mhd_str.c b/src/microhttpd/mhd_str.c
index ece6ef44..ff8b4e3e 100644
--- a/src/microhttpd/mhd_str.c
+++ b/src/microhttpd/mhd_str.c
@@ -568,6 +568,12 @@ MHD_str_remove_token_caseless_ (const char *str,
mhd_assert (NULL == memchr (token, ',', token_len));
mhd_assert (0 <= *buf_size);
+ if (SSIZE_MAX <= ((str_len / 2) * 3 + 3))
+ {
+ /* The return value may overflow, refuse */
+ *buf_size = (ssize_t) -1;
+ return false;
+ }
s1 = str;
s2 = buf;
token_removed = false;
@@ -627,7 +633,7 @@ MHD_str_remove_token_caseless_ (const char *str,
copy_size = (size_t) (s1 - cur_token);
if (buf == s2)
{ /* The first token to copy to the output */
- if (*buf_size < copy_size)
+ if ((size_t) *buf_size < copy_size)
{ /* Not enough space in the output buffer */
*buf_size = (ssize_t) -1;
return false;
@@ -636,7 +642,7 @@ MHD_str_remove_token_caseless_ (const char *str,
else
{ /* Some token was already copied to the output buffer */
mhd_assert (s2 > buf);
- if (*buf_size < ((size_t) (s2 - buf)) + copy_size + 2)
+ if ((size_t) *buf_size < ((size_t) (s2 - buf)) + copy_size + 2)
{ /* Not enough space in the output buffer */
*buf_size = (ssize_t) -1;
return false;
@@ -661,7 +667,7 @@ MHD_str_remove_token_caseless_ (const char *str,
(',' != *s1) && (' ' != *s1) && ('\t' != *s1) )
{
mhd_assert (s2 >= buf);
- if (*buf_size <= (size_t) (s2 - buf)) /* '<= s2' equals '< s2 + 1' */
+ if ((size_t) *buf_size <= (size_t) (s2 - buf)) /* '<= s2' equals '< s2
+ 1' */
{ /* Not enough space in the output buffer */
*buf_size = (ssize_t) -1;
return false;
@@ -681,7 +687,7 @@ MHD_str_remove_token_caseless_ (const char *str,
if (((size_t) (s1 - str) < str_len) && (',' != *s1))
{ /* Not the end of the current token */
mhd_assert (s2 >= buf);
- if (*buf_size <= (size_t) (s2 - buf)) /* '<= s2' equals '< s2 + 1' */
+ if ((size_t) *buf_size <= (size_t) (s2 - buf)) /* '<= s2' equals '< s2
+ 1' */
{ /* Not enough space in the output buffer */
*buf_size = (ssize_t) -1;
return false;
diff --git a/src/microhttpd/response.c b/src/microhttpd/response.c
index 13fb253b..e50d2a55 100644
--- a/src/microhttpd/response.c
+++ b/src/microhttpd/response.c
@@ -273,7 +273,11 @@ add_response_header_connection (struct MHD_Response
*response,
&norm_len_s);
mhd_assert (0 <= norm_len_s);
if (0 > norm_len_s)
- norm_len = 0; /* Must never happen */
+ {
+ /* Must never happen with realistic sizes */
+ free (buf);
+ return MHD_NO;
+ }
else
norm_len = (size_t) norm_len_s;
}
diff --git a/src/testcurl/.gitignore b/src/testcurl/.gitignore
index e97c8cbf..d67154d5 100644
--- a/src/testcurl/.gitignore
+++ b/src/testcurl/.gitignore
@@ -150,3 +150,5 @@ core
/test_tricky_url
/test_tricky_header2
/test_digestauth_concurrent
+/test_basicauth
+/test_parse_cookies_invalid
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (c3ea38eb -> 8d9eb70d),
gnunet <=