cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: problem with chunked content type "Problem (2) in the Chunked-Encoded data"

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 10 Mar 2015 09:18:39 +0100 (CET)

On Tue, 10 Mar 2015, Gabriel Grebenar (1&1) wrote:

> In version 7.35 my program failed in chunk parser function
> Curl_httpchunk_read() with error message " Problem (2) in the
> Chunked-Encoded data".

> This problem was fixed in version 7.36

Right, that was a regression introduced in 7.35.0 that we fixed in 7.36.0.

> by statement "if((ch->datasize ==
> CURL_OFF_T_MAX) && (errno == ERANGE))" , but what about datasize value
> CURL_OFF_T_MIN which was not checked?

How exactly can you can get an underflow when parsing a hex number there? What
input would need this added check?

> ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16);
> if(errno == ERANGE)
> /* overflow is an error */
> return CHUNKE_ILLEGAL_HEX;

No can do, this gives false positives because the libc functions aren't
obliged to clear errno when things go well so there's a risk a previous
function call somewhere set errno and it would trigger this condition.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2015-03-10