authornicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56>2012-10-10 16:14:27 +0000
committernicolas.dufresne@gmail.com <nicolas.dufresne@gmail.com@c587cffe-e639-0410-9787-d7902ae8ed56>2012-10-10 16:14:27 +0000
commitc440553c12836664afd24a24fb3a4d10a2facd2c (patch)
treea7826045ff4ebc34c777ba9b78526d556c366eaf
parentffc977c1ed4add19d225076e8060fab83f64a0ee (diff)
downloadlibproxy-git-c440553c12836664afd24a24fb3a4d10a2facd2c.tar.gz
Fix buffer overflow downloading large pac file
This fixes CVE-2012-4504
-rw-r--r--libproxy/url.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/libproxy/url.cpp b/libproxy/url.cpp
index d00adfd..dcebcde 100644
--- a/libproxy/url.cpp
+++ b/libproxy/url.cpp
@@ -474,9 +474,10 @@ char* url::get_pac() {
// Add this chunk to our content length,
// ensuring that we aren't over our max size
content_length += chunk_length;
- if (content_length >= PAC_MAX_SIZE) break;
}
+ if (content_length >= PAC_MAX_SIZE) break;
+
while (recvd != content_length) {
int r = recv(sock, buffer + recvd, content_length - recvd, 0);
if (r < 0) break;
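Review bot: The bound is still checked only after `content_length += chunk_length`, so a chunk size large enough to wrap the sum could bring `content_length` back under `PAC_MAX_SIZE` and let the `recv` below write past `buffer`; the declarations are outside the hunk, so this assumes both are unsigned integers. Rejecting the chunk before the addition closes that, e.g. `if (chunk_length >= PAC_MAX_SIZE - content_length) break;` ahead of the `+=`. Separately, `if (r < 0) break;` does not stop on `r == 0`, so a peer that closes the connection early appears to leave `while (recvd != content_length)` spinning; `if (r <= 0) break;` would cover it. The rest of `url::get_pac()`, including the buffer allocation and the enclosing loop, is not visible in this hunk.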