Hi Matthew, Matthew White <[email protected]> writes:
> [Coverity Scan is ok, make syntax-check is ok, make check-valgrind is ok, > contrib/check-hard is ok] > > Before this patch, a malformed base64 Metalink/HTTP Digest header was causing > a memory exaustion. > > This introduces the ability to properly detect and discard a malformed base64 > Metalink/HTTP Digest header. > > The following description is verbatim from the patch: > ----- > On malformed base64 input, ssize_t base64_decode() returns -1. Such > value is too big for a size_t variable, and used as xmalloc() value > will exaust all the memory. > ----- > > Regards, > Matthew > > -- > Matthew White <[email protected]> > > From 4353ce34fa71c7684ad7ccee4ccf0cecc424c878 Mon Sep 17 00:00:00 2001 > From: Matthew White <[email protected]> > Date: Sat, 27 Aug 2016 20:28:42 +0200 > Subject: [PATCH 21/25] Bugfix: Detect malformed base64 Metalink/HTTP Digest > header > > * src/http.c (metalink_from_http): Fix hash_bin_len type. Use ssize_t > instead than size_t. Reject -1 as base64_decode() return value > * testenv/Makefile.am: Add new file > * testenv/Test-metalink-http-baddigest.py: New file. Metalink/HTTP > malformed base64 Digest header tests > > On malformed base64 input, ssize_t base64_decode() returns -1. Such > value is too big for a size_t variable, and used as xmalloc() value > will exaust all the memory. > --- > src/http.c | 14 +++-- > testenv/Makefile.am | 1 + > testenv/Test-metalink-http-baddigest.py | 94 > +++++++++++++++++++++++++++++++++ > 3 files changed, 106 insertions(+), 3 deletions(-) > create mode 100755 testenv/Test-metalink-http-baddigest.py ACK Giuseppe
