30 lines
996 B
Diff
30 lines
996 B
Diff
Upstream-Status: Backport
|
|
|
|
libproxy - CVE-2012-4504:
|
|
|
|
Reference:https://code.google.com/p/libproxy/source/detail?r=853
|
|
|
|
Stack-based buffer overflow in the url::get_pac function in url.cpp
|
|
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
|
|
unspecified impact via a large proxy.pac file.
|
|
|
|
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
|
|
|
|
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
|
|
|
|
diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
|
|
--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
|
|
+++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
|
|
@@ -472,9 +472,10 @@ char* url::get_pac() {
|
|
// Add this chunk to our content length,
|
|
// ensuring that we aren't over our max size
|
|
content_length += chunk_length;
|
|
- if (content_length >= PAC_MAX_SIZE) break;
|
|
}
|
|
|
|
+ if (content_length >= PAC_MAX_SIZE) break;
|
|
+
|
|
while (recvd != content_length) {
|
|
int r = recv(sock, buffer + recvd, content_length - recvd, 0);
|
|
if (r < 0) break;
|