Attachment 1456079 Details for Bug 1597101 – Upstream patch

[patch] Upstream patch

70a2.patch (text/plain), 1.15 KB, created by Sam Fowler on 2018-07-03 01:08:04 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sam Fowler

Created: 2018-07-03 01:08:04 UTC

Size: 1.15 KB

patch

obsolete

>From cf5856113dfe8311c45a3afc3c588964ab49dd57 Mon Sep 17 00:00:00 2001
>From: Daniel Stenberg <daniel@haxx.se>
>Date: Wed, 13 Jun 2018 12:24:40 +0200
>Subject: [PATCH] smtp: use the upload buffer size for scratch buffer malloc
>
>... not the read buffer size, as that can be set smaller and thus cause
>a buffer overflow!
>
>Reported-by: Peter Wu
>---
> lib/smtp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/lib/smtp.c b/lib/smtp.c
>index e6872badb..ecf10a41a 100644
>--- a/lib/smtp.c
>+++ b/lib/smtp.c
>@@ -1561,17 +1561,18 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread)
> 
>   /* Do we need to allocate a scratch buffer? */
>   if(!scratch || data->set.crlf) {
>     oldscratch = scratch;
> 
>-    scratch = newscratch = malloc(2 * data->set.buffer_size);
>+    scratch = newscratch = malloc(2 * UPLOAD_BUFSIZE);
>     if(!newscratch) {
>       failf(data, "Failed to alloc scratch buffer!");
> 
>       return CURLE_OUT_OF_MEMORY;
>     }
>   }
>+  DEBUGASSERT(UPLOAD_BUFSIZE >= nread);
> 
>   /* Have we already sent part of the EOB? */
>   eob_sent = smtp->eob;
> 
>   /* This loop can be improved by some kind of Boyer-Moore style of
>-- 
>2.17.1
>

Actions: View | Diff

Attachments on bug 1597101: 1456079