sergiotarxz/nuttx-apps
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

webclient: Fix buffer overrun in wget_parsestatus

Browse Source 
Similarly to the fix in wget_parseheaders.
But simply always bail out as i guess it's very rare to see
that long status line.

Tested with an aritifically small CONFIG_WEBCLIENT_MAXHTTPLINE=20,
which is smaller than "HTTP/1.1 301 Moved Permanently".
This commit is contained in:
YAMAMOTO Takashi 2021-05-14 11:24:58 +09:00 committed by Alan Carvalho de Assis
parent b53375074b
commit 95c9007668
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
netutils/webclient/webclient.c
View File

@ -376,9 +376,20 @@ static inline int wget_parsestatus(struct webclient_context *ctx,
while (offset < ws->datend)
{
bool got_nl;
ws->line[ndx] = ws->buffer[offset];
if (ws->line[ndx] == ISO_NL)
got_nl = ws->line[ndx] == ISO_NL;
if (got_nl || ndx == CONFIG_WEBCLIENT_MAXHTTPLINE - 1)
{
if (!got_nl)
{
nerr("ERROR: HTTP status line didn't fit "
"CONFIG_WEBCLIENT_MAXHTTPLINE: %.*s\n",
ndx, ws->line);
return -E2BIG;
}
ws->line[ndx] = '\0';
if ((strncmp(ws->line, g_http10, strlen(g_http10)) == 0) ||
(strncmp(ws->line, g_http11, strlen(g_http11)) == 0))