Blob Blame History Raw
diff -up pidgin-2.10.7/libpurple/protocols/gg/lib/http.c.CVE-2013-6487 pidgin-2.10.7/libpurple/protocols/gg/lib/http.c
--- pidgin-2.10.7/libpurple/protocols/gg/lib/http.c.CVE-2013-6487	2013-02-11 04:16:52.000000000 -0500
+++ pidgin-2.10.7/libpurple/protocols/gg/lib/http.c	2014-01-29 20:52:59.629513642 -0500
@@ -47,6 +47,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#define GG_HTTP_MAX_LENGTH 1000000000
+
 /**
  * Rozpoczyna połączenie HTTP.
  *
@@ -364,6 +366,11 @@ int gg_http_watch_fd(struct gg_http *h)
 				h->body_size = left;
 			}
 
+			if (h->body_size > GG_HTTP_MAX_LENGTH) {
+				gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
+				h->body_size = GG_HTTP_MAX_LENGTH;
+			}
+
 			if (left > h->body_size) {
 				gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
 				h->body_size = left;