File 12432.patch of Package squid
---------------------
PatchSet 12432
Date: 2009/02/02 11:13:24
Author: hno
Branch: SQUID_2_7
Tag: (none)
Log:
Fixup parsing of invalid version numbers
Members:
src/HttpMsg.c:1.17->1.17.2.1
src/HttpStatusLine.c:1.31->1.31.2.1
Index: squid/src/HttpMsg.c
===================================================================
RCS file: /cvsroot/squid/squid/src/HttpMsg.c,v
retrieving revision 1.17
retrieving revision 1.17.2.1
diff -u -r1.17 -r1.17.2.1
--- squid/src/HttpMsg.c 13 Dec 2007 01:20:48 -0000 1.17
+++ squid/src/HttpMsg.c 2 Feb 2009 11:13:24 -0000 1.17.2.1
@@ -1,6 +1,6 @@
/*
- * $Id: HttpMsg.c,v 1.17 2007/12/13 01:20:48 hno Exp $
+ * $Id: HttpMsg.c,v 1.17.2.1 2009/02/02 11:13:24 hno Exp $
*
* DEBUG: section 74 HTTP Message
* AUTHOR: Alex Rousskov
@@ -256,11 +256,11 @@
/* next should be 1 or more digits */
maj = 0;
- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) {
+ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && maj < 65536; i++) {
maj = maj * 10;
maj = maj + (hmsg->buf[i]) - '0';
}
- if (i >= hmsg->req_end) {
+ if (i >= hmsg->req_end || maj >= 65536) {
retcode = -1;
goto finish;
}
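Review bot: The limit `65536` in the loop condition and in the following `if` is an unexplained literal, and the same value is repeated in the minor-number hunk of this file and in both HttpStatusLine.c hunks. A short comment above the loop, for example `/* reject version components >= 65536; the bound also stops the loop before maj can grow without limit */`, or one shared named constant would keep the four sites consistent. The reason for this particular bound is not visible in the hunk, so the wording should be checked against how `maj` and `min` are declared and stored. The enclosing function starts and ends outside the hunk.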
@@ -276,11 +276,14 @@
/* next should be one or more digits */
i++;
min = 0;
- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) {
+ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && min < 65536; i++) {
min = min * 10;
min = min + (hmsg->buf[i]) - '0';
}
-
+ if (maj >= 65536) {
+ retcode = -1;
+ goto finish;
+ }
/* Find whitespace, end of version */
hmsg->v_end = i;
hmsg->v_len = hmsg->v_end - hmsg->v_start + 1;
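Review bot: The guard added after the minor-number loop tests `maj` instead of `min`, so an over-long minor version is not rejected in this file. The loop stops once `min` reaches 65536, but `if (maj >= 65536)` presumably cannot fire here because `maj` was already bounded by the check in the previous hunk. The condition should read `if (min >= 65536) {`, matching the `min >= 65536` test in the HttpStatusLine.c minor-number hunk. As written, the code falls through with an out-of-range `min`, and `hmsg->v_end` is set to an index that may still point at unread digits. The enclosing function starts and ends outside the hunk, so what later code does with that value cannot be confirmed from here.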
Index: squid/src/HttpStatusLine.c
===================================================================
RCS file: /cvsroot/squid/squid/src/HttpStatusLine.c,v
retrieving revision 1.31
retrieving revision 1.31.2.1
diff -u -r1.31 -r1.31.2.1
--- squid/src/HttpStatusLine.c 13 Dec 2007 01:20:48 -0000 1.31
+++ squid/src/HttpStatusLine.c 2 Feb 2009 11:13:24 -0000 1.31.2.1
@@ -1,6 +1,6 @@
/*
- * $Id: HttpStatusLine.c,v 1.31 2007/12/13 01:20:48 hno Exp $
+ * $Id: HttpStatusLine.c,v 1.31.2.1 2009/02/02 11:13:24 hno Exp $
*
* DEBUG: section 57 HTTP Status-line
* AUTHOR: Alex Rousskov
@@ -97,11 +97,11 @@
/* Format: HTTP/x.x <space> <status code> <space> <reason-phrase> CRLF */
s = start;
maj = 0;
- for (s = start; s < end && xisdigit(*s); s++) {
+ for (s = start; s < end && xisdigit(*s) && maj < 65536; s++) {
maj = maj * 10;
maj = maj + *s - '0';
}
- if (s >= end) {
+ if (s >= end || maj >= 65536) {
debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status major.\n");
return 0;
}
@@ -113,11 +113,11 @@
s++;
/* next should be minor number */
min = 0;
- for (; s < end && xisdigit(*s); s++) {
+ for (; s < end && xisdigit(*s) && min < 65536; s++) {
min = min * 10;
min = min + *s - '0';
}
- if (s >= end) {
+ if (s >= end || min >= 65536) {
debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status version minor.\n");
return 0;
}