diff options
author | Tim Rühsen <tim.ruehsen@gmx.de> | 2017-10-20 10:59:38 +0200 |
---|---|---|
committer | Tim Rühsen <tim.ruehsen@gmx.de> | 2017-10-26 17:29:38 +0200 |
commit | d892291fb8ace4c3b734ea5125770989c215df3f (patch) | |
tree | c572afb4279023c1caba5392cc2315021a64af35 | |
parent | bec4c215a8cbaa1ddec71180f328abfcce81ee40 (diff) | |
download | wget-d892291fb8ace4c3b734ea5125770989c215df3f.tar.gz |
Fix stack overflow in HTTP protocol handling (CVE-2017-13089)
* src/http.c (skip_short_body): Return error on negative chunk size
Reported-by: Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint
Reported-by: Juhani Eronen from Finnish National Cyber Security Centre
-rw-r--r-- | src/http.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -973,6 +973,9 @@ skip_short_body (int fd, wgint contlen, bool chunked) remaining_chunk_size = strtol (line, &endl, 16); xfree (line); + if (remaining_chunk_size < 0) + return false; + if (remaining_chunk_size == 0) { line = fd_read_line (fd); |