[Privoxy-commits] [privoxy] 02/13: remove_chunked_transfer_coding(): Refuse to de-chunk invalid data

[User Git]

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit a123fb5113d6816320488f3239b6ae48b489ee9c
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Wed Mar 31 12:14:36 2021 +0200

    remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
    
    Previously the data could get corrupted even further.
    Now we simply pass the unmodified data to the client.
---
 filters.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/filters.c b/filters.c
index baaaea5f..21ee44d5 100644
--- a/filters.c
+++ b/filters.c
@@ -2317,6 +2317,18 @@ static jb_err remove_chunked_transfer_coding(char *buffer, size_t *size)
    assert(buffer);
    from_p = to_p = buffer;
 
+#ifndef FUZZ
+   /*
+    * Refuse to de-chunk invalid or incomplete data unless we're fuzzing.
+    */
+   if (!chunked_data_is_complete(buffer, *size, 0))
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "Chunk-encoding appears to be invalid. Content can't be filtered.");
+      return JB_ERR_PARSE;
+   }
+#endif
+
    if (sscanf(buffer, "%x", &chunksize) != 1)
    {
       log_error(LOG_LEVEL_ERROR, "Invalid first chunksize while stripping \"chunked\" transfer coding");

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.