commit 13527f93876020861ed6dc8701e94fc6beba0d45 Author: Steven Cheung cheung@csl.sri.com Date: Wed Dec 21 18:51:54 2011 +0000
Vinod fixed a buf overflow bug in http_server_receive
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@188 a58ff0ac-194c-e011-a152-003048836090 --- src/steg/http.cc | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/src/steg/http.cc b/src/steg/http.cc index e4bdb0e..47290b0 100644 --- a/src/steg/http.cc +++ b/src/steg/http.cc @@ -730,7 +730,7 @@ http_server_receive(http *s, conn_t *conn, struct evbuffer *dest, struct evbuffe c = 0;
- while (strncmp((char*) p, "\r\n", 2) != 0 && (cookie_mode != 0 || p[0] != '.')) { + while (strncmp((char*) p, "\r\n", 2) != 0 && (cookie_mode != 0 || p[0] != '.') && sofar < MAX_COOKIE_SIZE) { if (!secondhalf) c = 0; if ('0' <= *p && *p <= '9') @@ -751,6 +751,12 @@ http_server_receive(http *s, conn_t *conn, struct evbuffer *dest, struct evbuffe p++; }
+ + if (sofar >= MAX_COOKIE_SIZE) { + fprintf(stderr, "cookie buffer overflow\n"); + exit(-1); + } + outbuf[sofar] = 0;
if (secondhalf) {