Fix CVE-2013-6487: a possible buffer overflow when parsing HTTP response

wojtekka · Jan 29, 2014 · 9eb5dfe · 9eb5dfe
1 parent 5a76e9b
commit 9eb5dfe
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/http.c b/src/http.c
@@ -43,6 +43,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#define GG_HTTP_MAX_LENGTH 1000000000
+
 /**
  * Rozpoczyna połączenie HTTP.
  *
@@ -360,6 +362,11 @@ int gg_http_watch_fd(struct gg_http *h)
 				h->body_size = left;
 			}
 
+			if (h->body_size > GG_HTTP_MAX_LENGTH) {
+				gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
+				h->body_size = GG_HTTP_MAX_LENGTH;
+			}
+
 			if (left > h->body_size) {
 				gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
 				h->body_size = left;