From 9bd3b14042e12d84f39ea9f55731705ba516f525 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tommi=20M=C3=A4kitalo?= <tommi@tntnet.org> Date: Wed, 11 Dec 2013 14:59:32 +0100 Subject: [PATCH] fix possible information leak --- framework/common/messageheaderparser.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/framework/common/messageheaderparser.cpp b/framework/common/messageheaderparser.cpp index 0c74c70..7bb5d6c 100644 --- a/framework/common/messageheaderparser.cpp +++ b/framework/common/messageheaderparser.cpp @@ -204,6 +204,7 @@ break; } + *headerdataPtr = '\0'; return true; } else if (std::isspace(ch)) @@ -259,7 +260,10 @@ void Messageheader::Parser::checkHeaderspace(unsigned chars) const { if (headerdataPtr + chars >= header.rawdata + sizeof(header.rawdata)) + { + header.rawdata[sizeof(header.rawdata) - 1] = '\0'; throw HttpError(HTTP_REQUEST_ENTITY_TOO_LARGE, "header too large"); + } } void Messageheader::Parser::reset() -- 1.8.5.1