projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2b94d24) | patch
pingpong: fix response cache memcpy overflow 65/183065/1
authorSeonah Moon <seonah1.moon@samsung.com>
Mon, 2 Jul 2018 05:04:50 +0000 (14:04 +0900)
committerSeonah Moon <seonah1.moon@samsung.com>
Mon, 2 Jul 2018 05:08:57 +0000 (14:08 +0900)
commit7f3bc3395a9a00ba424e4949fed484502f823034
treeda454dffe94365bf34c3f3da24300c56604af961tree | snapshot
parent2b94d24a10d6e56a14c3d25349bfb0f482c781dbcommit | diff
pingpong: fix response cache memcpy overflow

Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.

Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.htm

Change-Id: I02d35b9494356aaec1ca1f8eab0353a58c849e11
lib/pingpong.c diff | blob | history
Domain: Network & Connectivity / Data Network;