MyFavMirrors/owntone-server
1
0
Fork 0
mirror of https://github.com/owntone/owntone-server.git synced 2025-01-15 16:53:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix integer overflow, CVE-2008-1771

Browse Source 
Fix integer overflow leading to heap-based buffer overflow causing a
remote Denial of Service and possibly allows to execute arbitrary code.
This commit is contained in:
Nico Golde 2009-04-02 12:59:31 +02:00 committed by Julien BLACHE
parent 5d227e85c5
commit 567bd3ee03
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/webserver.c
View File

@ -716,7 +716,12 @@ int ws_getpostvars(WS_CONNINFO *pwsc) {
return FALSE; return FALSE;
} }
length=atoi(content_length); length=strtol(content_length, NULL, 10);
if(EINVAL == errno || UINT_MAX - 1 <= length){
ws_dprintf(L_WS_WARN, "Thread %d: Suspicious Content-Length value, ignoring request\n", pwsc->threadno);
return FALSE;
}
ws_dprintf(L_WS_DBG,"Thread %d: Post var length: %d\n", ws_dprintf(L_WS_DBG,"Thread %d: Post var length: %d\n",
pwsc->threadno,length); pwsc->threadno,length);