Merge branch 'fix_missing_overflow_checks' into 'master'

Adding a missing test on integer overflow within g_http_proxy_connect() See merge request GNOME/glib!1917
2025-01-27 06:26:15 +01:00 · 2021-02-09 18:07:20 +00:00 · 2021-02-09 18:07:20 +00:00 · ec77b30fed
commit ec77b30fed
parent 3e5e7aa8e9 a5e3be4a0c
1 changed files with 11 additions and 0 deletions
--- a/gio/ghttpproxy.c
+++ b/gio/ghttpproxy.c
@ -255,6 +255,17 @@ g_http_proxy_connect (GProxy         *proxy,

      if (bytes_read == buffer_length)
        {
+          /* HTTP specifications does not defines any upper limit for
+           * headers. But, the most usual size used seems to be 8KB.
+           * Yet, the biggest we found was Tomcat's HTTP headers whose
+           * size is 48K. So, for a reasonable error margin, let's accept
+           * a header with a twice as large size but no more: 96KB */
+          if (buffer_length > 98304)
+            {
+              g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
+                                   _("HTTP proxy response too big"));
+              goto error;
+            }
          buffer_length = 2 * buffer_length;
          buffer = g_realloc (buffer, buffer_length);
        }