Sophie

Sophie

distrib > Mageia > 4 > x86_64 > by-pkgid > 34a7a091d1aba0f8442e448d96ff0477 > files > 2

tntnet-2.2-2.1.mga4.src.rpm

From 9bd3b14042e12d84f39ea9f55731705ba516f525 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tommi=20M=C3=A4kitalo?= <tommi@tntnet.org>
Date: Wed, 11 Dec 2013 14:59:32 +0100
Subject: [PATCH] fix possible information leak

---
 framework/common/messageheaderparser.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/framework/common/messageheaderparser.cpp b/framework/common/messageheaderparser.cpp
index 0c74c70..7bb5d6c 100644
--- a/framework/common/messageheaderparser.cpp
+++ b/framework/common/messageheaderparser.cpp
@@ -204,6 +204,7 @@
                    break;
       }
 
+      *headerdataPtr = '\0';
       return true;
     }
     else if (std::isspace(ch))
@@ -259,7 +260,10 @@
   void Messageheader::Parser::checkHeaderspace(unsigned chars) const
   {
     if (headerdataPtr + chars >= header.rawdata + sizeof(header.rawdata))
+    {
+      header.rawdata[sizeof(header.rawdata) - 1] = '\0';
       throw HttpError(HTTP_REQUEST_ENTITY_TOO_LARGE, "header too large");
+    }
   }
 
   void Messageheader::Parser::reset()
-- 
1.8.5.1

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional