curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-18 01:52:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

formdata: avoid size_t => long typecast overflows

Browse Source 
Typically a problem for platforms with 32 bit long and 64 bit size_t

Reported-by: Fabian Yamaguchi
Bug: https://hackerone.com/reports/1444539
Closes #8272
This commit is contained in:
Daniel Stenberg 2022-01-09 17:00:43 +01:00
parent 7422110b48
commit 8188ca91eb
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/formdata.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -77,10 +77,15 @@ AddHttpPost(char *name, size_t namelength,
struct curl_httppost **last_post)
{
struct curl_httppost *post;
if(!namelength && name)
namelength = strlen(name);
if((bufferlength > LONG_MAX) || (namelength > LONG_MAX))
/* avoid overflow in typecasts below */
return NULL;
post = calloc(1, sizeof(struct curl_httppost));
if(post) {
post->name = name;
post->namelength = (long)(name?(namelength?namelength:strlen(name)):0);
post->namelength = (long)namelength;
post->contents = value;
post->contentlen = contentslength;
post->buffer = buffer;