mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-26 15:36:14 +01:00
Adding a missing test on integer overflow within g_http_proxy_connect()
Fixes #2315
This commit is contained in:
parent
3e5e7aa8e9
commit
a5e3be4a0c
@ -255,6 +255,17 @@ g_http_proxy_connect (GProxy *proxy,
|
|||||||
|
|
||||||
if (bytes_read == buffer_length)
|
if (bytes_read == buffer_length)
|
||||||
{
|
{
|
||||||
|
/* HTTP specifications does not defines any upper limit for
|
||||||
|
* headers. But, the most usual size used seems to be 8KB.
|
||||||
|
* Yet, the biggest we found was Tomcat's HTTP headers whose
|
||||||
|
* size is 48K. So, for a reasonable error margin, let's accept
|
||||||
|
* a header with a twice as large size but no more: 96KB */
|
||||||
|
if (buffer_length > 98304)
|
||||||
|
{
|
||||||
|
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
|
||||||
|
_("HTTP proxy response too big"));
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
buffer_length = 2 * buffer_length;
|
buffer_length = 2 * buffer_length;
|
||||||
buffer = g_realloc (buffer, buffer_length);
|
buffer = g_realloc (buffer, buffer_length);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user