diff options
author | nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56> | 2012-10-10 16:14:27 +0000 |
---|---|---|
committer | nicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56> | 2012-10-10 16:14:27 +0000 |
commit | c440553c12836664afd24a24fb3a4d10a2facd2c (patch) | |
tree | a7826045ff4ebc34c777ba9b78526d556c366eaf | |
parent | ffc977c1ed4add19d225076e8060fab83f64a0ee (diff) | |
download | libproxy-git-c440553c12836664afd24a24fb3a4d10a2facd2c.tar.gz |
Fix buffer overflow downloading large pac file
This fixes CVE CVE-2012-4504
-rw-r--r-- | libproxy/url.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libproxy/url.cpp b/libproxy/url.cpp index d00adfd..dcebcde 100644 --- a/libproxy/url.cpp +++ b/libproxy/url.cpp @@ -474,9 +474,10 @@ char* url::get_pac() { // Add this chunk to our content length, // ensuring that we aren't over our max size content_length += chunk_length; - if (content_length >= PAC_MAX_SIZE) break; } + if (content_length >= PAC_MAX_SIZE) break; + while (recvd != content_length) { int r = recv(sock, buffer + recvd, content_length - recvd, 0); if (r < 0) break; |