projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d189731) | patch
pingpong: fix response cache memcpy overflow 83/183083/1 accepted/tizen/base/20180706.152742 submit/tizen_base/20180704.234207
authorSeonah Moon <seonah1.moon@samsung.com>
Mon, 2 Jul 2018 05:04:50 +0000 (14:04 +0900)
committerSeonah Moon <seonah1.moon@samsung.com>
Mon, 2 Jul 2018 06:13:12 +0000 (15:13 +0900)
commite7b968422693f641483432c870a8b8e6f0128fbb
treeda454dffe94365bf34c3f3da24300c56604af961tree | snapshot
parentd189731e2bc2eca4dddabe597990a2f59ebd854acommit | diff
pingpong: fix response cache memcpy overflow

Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.

Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.htm

Change-Id: I02d35b9494356aaec1ca1f8eab0353a58c849e11
lib/pingpong.c diff | blob | history
Domain: Network & Connectivity / Data Network;