cURL / Mailing Lists / curl-library / Single Mail

curl-library

Bug in add_buffer_send while calling Curl_debug with request header data

From: Ates Goral <Ates.Goral_at_genesyslab.com>
Date: Tue, 13 Nov 2007 11:00:20 -0800

In libcurl 7.17.1, lib/http.c line 987:

 

      Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr,

                 (size_t)(amount-included_body_bytes), conn);

 

Here, it is assumed that the "amount" bytes that were actually sent with
the prior call to Curl_write is exactly "size" bytes (the total bytes
that are available for sending).

 

#13 0x08074dd3 in Curl_debug (data=0x8f55240, type=CURLINFO_HEADER_OUT,

    ptr=0x8ed5cb8 "POST http://example.com HTTP/1.0\r\nHost:

example.com\r\nProxy-Connection: Keep-Alive\r\nAcc"...,

    size=4294952134, conn=0x0) at sendf.c:663

#14 0x0807d328 in add_buffer_send (in=0x8ed3f10, conn=0x8eaaaf0,

    bytes_written=0x8f5d790, included_body_bytes=27474, socketindex=0)

    at http.c:987

 

In frame #14, I have:

 

size = 29022

included_body_bytes = 27474

amount = 12312

 

And therefore, "amount - included_body_bytes" yields a negative number,
which in turn results in the "4294952134" seen at frame #13. This
eventually results in a crash in our code while we're trying to log the
(allegedly) 4 GB of debug data :-)

 

I suppose the fix would be something like (sorry, I don't have a patch
at this time as I haven't tested this out):

 

      size_t size_of_headers = size - included_body_bytes;

 

      Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr,

                 amount >= size_of_headers ? size_of_headers : amount,
conn);

 

 

Ates

                                        
-------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential and proprietary information of Alcatel-Lucent and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Alcatel-Lucent and/or its affiliated entities.
                                        
Received on 2007-11-13