From 5b34e10f9aae48097830af4a8b394f39f94fcdfd Mon Sep 17 00:00:00 2001
From: Darren Salt
Date: Wed, 31 May 2006 20:58:22 +0000
Subject: =?UTF-8?q?HTTP=20input:=20buffer=20overflow=20fix.=20(Diego=20Pet?= =?UTF-8?q?ten=C3=B2)=20(CVE-2006-2802)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVS patchset: 8001
CVS date: 2006/05/31 20:58:22
---
 src/input/input_http.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/input/input_http.c b/src/input/input_http.c
index 3c9e1e5d7..89883c347 100644
--- a/src/input/input_http.c
+++ b/src/input/input_http.c
@@ -19,7 +19,7 @@
 *
 * input plugin for http network streams
 *
- * $Id: input_http.c,v 1.114 2006/05/03 19:46:07 dsalt Exp $
+ * $Id: input_http.c,v 1.115 2006/05/31 20:58:22 dsalt Exp $
 */

 #ifdef HAVE_CONFIG_H
@@ -895,6 +895,12 @@ static int http_plugin_open (input_plugin_t *this_gen ) {
 len = 0;
 } else
 len ++;
+ if ( len >= buflen ) {
+ _x_message(this->stream, XINE_MSG_PERMISSION_ERROR, this->mrl, NULL);
+ xine_log (this->stream->xine, XINE_LOG_MSG,
+ _("input_http: buffer exahuested after %d bytes."), buflen);
+ return 0;
+ }
 }

 lprintf ("end of headers\n");
-- 
cgit v1.2.3
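Review bot: The new guard in the second hunk reports an over-long response header line as `XINE_MSG_PERMISSION_ERROR`, which misdescribes the condition to the front end, and its log string misspells "exhausted" as `exahuested`, so anyone searching logs for this overflow guard will miss it. The string should read `_("input_http: buffer exhausted after %d bytes.")`, and a closer message class such as `XINE_MSG_READ_ERROR` would be a better match if the front ends handle it acceptably. The check is only sound if `buflen` is the real capacity of `this->buf`, which is declared outside this hunk, so a comment such as `/* len is the next write index into this->buf; it must stay below buflen */` above the test would pin that invariant. `http_plugin_open` begins and ends outside the hunk, so whether `return 0` should release the connection first cannot be judged from here.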