[GNUnet-SVN] [gnurl] 22/220: curl: cap the maximum allowed values for re
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 22/220: curl: cap the maximum allowed values for retry time arguments
Date: Thu, 12 Sep 2019 17:26:22 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit db0a0dfb0eb41d39273b0590b992df58f38b9a4d
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Jul 29 22:10:13 2019 +0200
curl: cap the maximum allowed values for retry time arguments
... to avoid integer overflows later when multiplying with 1000 to
convert seconds to milliseconds.
Added test 1269 to verify.
Reported-by: Jason Lee
Closes #4166
---
src/tool_getparam.c | 4 ++--
src/tool_paramhlp.c | 22 ++++++++++++++++++++++
src/tool_paramhlp.h | 3 ++-
tests/data/Makefile.inc | 2 +-
tests/data/test1269 | 34 ++++++++++++++++++++++++++++++++++
5 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index d0336351a..77a77da70 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -911,12 +911,12 @@ ParameterError getparameter(const char *flag, /* f or
-long-flag */
config->retry_connrefused = toggle;
break;
case 'h': /* --retry-delay */
- err = str2unum(&config->retry_delay, nextarg);
+ err = str2unummax(&config->retry_delay, nextarg, LONG_MAX/1000);
if(err)
return err;
break;
case 'i': /* --retry-max-time */
- err = str2unum(&config->retry_maxtime, nextarg);
+ err = str2unummax(&config->retry_maxtime, nextarg, LONG_MAX/1000);
if(err)
return err;
break;
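Review bot: The limit LONG_MAX/1000 is written out as a bare expression at both call sites, case 'h' (--retry-delay) and case 'i' (--retry-max-time), and neither line says that the 1000 is the seconds-to-milliseconds factor applied later. A named macro for the cap, defined next to that conversion, would keep the two in step if the multiplier ever changes and would make it harder to add another seconds-valued option that forgets the cap.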
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 3a4286c67..c9dac4f0f 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -198,6 +198,28 @@ ParameterError str2unum(long *val, const char *str)
}
/*
+ * Parse the string and write the long in the given address if it is below the
+ * maximum allowed value. Return PARAM_OK on success, otherwise a parameter
+ * error enum. ONLY ACCEPTS POSITIVE NUMBERS!
+ *
+ * Since this function gets called with the 'nextarg' pointer from within the
+ * getparameter a lot, we must check it for NULL before accessing the str
+ * data.
+ */
+
+ParameterError str2unummax(long *val, const char *str, long max)
+{
+ ParameterError result = str2unum(val, str);
+ if(result != PARAM_OK)
+ return result;
+ if(*val > max)
+ return PARAM_NUMBER_TOO_LARGE;
+
+ return PARAM_OK;
+}
+
+
+/*
* Parse the string and write the double in the given address. Return PARAM_OK
* on success, otherwise a parameter specific error enum.
*
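Review bot: In str2unummax(), the call str2unum(val, str) stores the parsed number into *val before the "*val > max" comparison runs, so when PARAM_NUMBER_TOO_LARGE is returned the caller's variable already holds the over-limit value. The two callers in this patch return on error, but parsing into a local long and assigning *val only after the range check would keep the function safe for a caller that does not. The header comment also says "below the maximum allowed value" while the comparison accepts *val == max, and its NULL paragraph describes a check that this function leaves to str2unum(); both are worth rewording.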
diff --git a/src/tool_paramhlp.h b/src/tool_paramhlp.h
index 854f52256..f13a114fd 100644
--- a/src/tool_paramhlp.h
+++ b/src/tool_paramhlp.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -33,6 +33,7 @@ void cleanarg(char *str);
ParameterError str2num(long *val, const char *str);
ParameterError str2unum(long *val, const char *str);
+ParameterError str2unummax(long *val, const char *str, long max);
ParameterError str2udouble(double *val, const char *str, long max);
long proto2num(struct OperationConfig *config, long *val, const char *str);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 6ec5a3c18..693e53d7c 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -140,7 +140,7 @@ test1236 test1237 test1238 test1239 test1240 test1241
test1242 test1243 \
test1244 test1245 test1246 test1247 test1248 test1249 test1250 test1251 \
test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 \
-test1268 \
+test1268 test1269 \
\
test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
test1288 test1289 test1290 test1291 test1292 \
diff --git a/tests/data/test1269 b/tests/data/test1269
new file mode 100644
index 000000000..c77663633
--- /dev/null
+++ b/tests/data/test1269
@@ -0,0 +1,34 @@
+<testcase>
+<info>
+<keywords>
+--retry-delay
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+ <name>
+too large --retry-delay value
+ </name>
+ <command>
+--retry 3 --retry-delay 9223372036854776 http://%HOSTIP:%HTTPPORT/1269
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+2
+</errorcode>
+</verify>
+</testcase>
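Review bot: The only input tested is 9223372036854776 for --retry-delay, which equals LONG_MAX/1000 + 1 only when long is 64 bits; where long is 32 bits the number does not fit in a long at all, so the new "*val > max" comparison is not what the test exercises there. --retry-max-time received the same cap in tool_getparam.c and has no test. Consider adding a --retry-max-time case, and a case at exactly the limit that is expected to pass argument parsing, so that an off-by-one in the comparison would be caught.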