rpms / pidgin

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c7-sig-altarch-fasttrack c8 c8-beta c8s
  1.   c7-aarch64
  2.   SOURCES
  3.   pidgin-2.10.7-CVE-2013-6487.patch
Blob Blame History Raw 
diff -up pidgin-2.10.7/libpurple/protocols/gg/lib/http.c.CVE-2013-6487 pidgin-2.10.7/libpurple/protocols/gg/lib/http.c
--- pidgin-2.10.7/libpurple/protocols/gg/lib/http.c.CVE-2013-6487	2013-02-11 04:16:52.000000000 -0500
+++ pidgin-2.10.7/libpurple/protocols/gg/lib/http.c	2014-01-29 20:52:59.629513642 -0500
@@ -47,6 +47,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#define GG_HTTP_MAX_LENGTH 1000000000
+
 /**
  * Rozpoczyna połączenie HTTP.
  *
@@ -364,6 +366,11 @@ int gg_http_watch_fd(struct gg_http *h)
 				h->body_size = left;
 			}
 
+			if (h->body_size > GG_HTTP_MAX_LENGTH) {
+				gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
+				h->body_size = GG_HTTP_MAX_LENGTH;
+			}
+
 			if (left > h->body_size) {
 				gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
 				h->body_size = left;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation