[Privoxy-commits] [privoxy] branch master updated: decompress_iob(): Prevent reading of uninitialized data

[User Git]

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

The following commit(s) were added to refs/heads/master by this push:
     new f018685d decompress_iob(): Prevent reading of uninitialized data
f018685d is described below

commit f018685d622080d08641471be338e5e2b698d8df
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sun Feb 7 17:52:58 2021 +0100

    decompress_iob(): Prevent reading of uninitialized data
    
    Reported by: Joshua Rogers (Opera).
---
 parsers.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/parsers.c b/parsers.c
index 999c715e..3197c4ff 100644
--- a/parsers.c
+++ b/parsers.c
@@ -608,6 +608,14 @@ jb_err decompress_iob(struct client_state *csp)
              * XXX: this code is untested and should probably be removed.
              */
             int skip_bytes;
+
+            if (cur + 2 >= csp->iob->eod)
+            {
+               log_error(LOG_LEVEL_ERROR,
+                  "gzip extra field flag set but insufficient data available.");
+               return JB_ERR_COMPRESS;
+            }
+
             skip_bytes = *cur++;
             skip_bytes += (unsigned char)*cur++ << 8;
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.