curl-library
Re: problem with chunked content type "Problem (2) in the Chunked-Encoded data"
Date: Tue, 10 Mar 2015 09:18:39 +0100 (CET)
On Tue, 10 Mar 2015, Gabriel Grebenar (1&1) wrote:
> In version 7.35 my program failed in chunk parser function
> Curl_httpchunk_read() with error message " Problem (2) in the
> Chunked-Encoded data".
> This problem was fixed in version 7.36
Right, that was a regression introduced in 7.35.0 that we fixed in 7.36.0.
> by statement "if((ch->datasize ==
> CURL_OFF_T_MAX) && (errno == ERANGE))" , but what about datasize value
> CURL_OFF_T_MIN which was not checked?
How exactly can you can get an underflow when parsing a hex number there? What
input would need this added check?
> ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16);
> if(errno == ERANGE)
> /* overflow is an error */
> return CHUNKE_ILLEGAL_HEX;
No can do, this gives false positives because the libc functions aren't
obliged to clear errno when things go well so there's a risk a previous
function call somewhere set errno and it would trigger this condition.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2015-03-10