Blame SOURCES/pidgin-2.10.7-CVE-2013-6487.patch
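diff -up pidgin-2.10.7/libpurple/protocols/gg/lib/http.c.CVE-2013-6487 pidgin-2.10.7/libpurple/protocols/gg/lib/http.c
--- pidgin-2.10.7/libpurple/protocols/gg/lib/http.c.CVE-2013-6487 2013-02-11 04:16:52.000000000 -0500
+++ pidgin-2.10.7/libpurple/protocols/gg/lib/http.c 2014-01-29 20:52:59.629513642 -0500
@@ -47,6 +47,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#define GG_HTTP_MAX_LENGTH 1000000000
+
 /**
 * Rozpoczyna połączenie HTTP.
 *
@@ -364,6 +366,11 @@ int gg_http_watch_fd(struct gg_http *h)
 h->body_size = left;
 }
 
+ if (h->body_size > GG_HTTP_MAX_LENGTH) {
+ gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
+ h->body_size = GG_HTTP_MAX_LENGTH;
+ }
+
 if (left > h->body_size) {
 gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
 h->body_size = left;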
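Review bot: The new guard `if (h->body_size > GG_HTTP_MAX_LENGTH)` in gg_http_watch_fd clamps an oversized length to 1000000000 and carries on, so a single header from the peer can still make the client plan for a reply body of about 1 GB; the buffer allocation itself is presumably below this hunk and is not visible here. Failing the request through the function's existing error path, or choosing a much lower cap, would bound memory use more tightly than silently truncating the reply. The check is also one-sided: the `%d` in the neighbouring debug call suggests `body_size` is a signed int, so it is worth confirming that the code above the hunk, of which only `h->body_size = left; }` is shown, already handles zero and negative values. The macro would benefit from a comment such as `/* largest HTTP reply body, in bytes, accepted from the server */`. gg_http_watch_fd starts and ends outside the hunk.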