curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-18 10:02:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

formdata: avoid size_t => long typecast overflows

Browse Source 
Typically a problem for platforms with 32 bit long and 64 bit size_t

Reported-by: Fabian Yamaguchi
Bug: https://hackerone.com/reports/1444539
Closes #8272
This commit is contained in:
Daniel Stenberg 2022-01-09 17:00:43 +01:00
parent 7422110b48
commit 8188ca91eb
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/formdata.c
View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@ -77,10 +77,15 @@ AddHttpPost(char *name, size_t namelength,
struct curl_httppost **last_post) struct curl_httppost **last_post)
{ {
struct curl_httppost *post; struct curl_httppost *post;
if(!namelength && name)
namelength = strlen(name);
if((bufferlength > LONG_MAX) || (namelength > LONG_MAX))
/* avoid overflow in typecasts below */
return NULL;
post = calloc(1, sizeof(struct curl_httppost)); post = calloc(1, sizeof(struct curl_httppost));
if(post) { if(post) {
post->name = name; post->name = name;
post->namelength = (long)(name?(namelength?namelength:strlen(name)):0); post->namelength = (long)namelength;
post->contents = value; post->contents = value;
post->contentlen = contentslength; post->contentlen = contentslength;
post->buffer = buffer; post->buffer = buffer;