openkylin
/
curl
mirror of https://gitee.com/openkylin/curl.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

!27 修复安全漏洞CVE-2023-23916 

Merge pull request !27 from whuyxa/openkylin/yangtze
This commit is contained in:
zhaikangning 2023-08-09 02:55:22 +00:00 committed by Gitee
parent cffffb273f 5d29d8ab34
commit 9f3e014e01
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 160 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/content_encoding.c
View File

@ -944,7 +944,6 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
{ {
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
struct SingleRequest *k = &data->req; struct SingleRequest *k = &data->req;
int counter = 0;
do { do {
const char *name; const char *name;
@ -979,9 +978,9 @@ CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
if(!encoding) if(!encoding)
encoding = &error_encoding; /* Defer error at stack use. */ encoding = &error_encoding; /* Defer error at stack use. */
if(++counter >= MAX_ENCODE_STACK) { if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
failf(data, "Reject response due to %u content encodings", failf(data, "Reject response due to more than %u content encodings",
counter); MAX_ENCODE_STACK);
return CURLE_BAD_CONTENT_ENCODING; return CURLE_BAD_CONTENT_ENCODING;
} }
/* Stack the unencoding stage. */ /* Stack the unencoding stage. */

1
lib/urldata.h
View File

@ -643,6 +643,7 @@ struct SingleRequest {
#ifndef CURL_DISABLE_DOH #ifndef CURL_DISABLE_DOH
struct dohdata doh; /* DoH specific data for this request */ struct dohdata doh; /* DoH specific data for this request */
#endif #endif
unsigned char writer_stack_depth; /* Unencoding stack depth. */
BIT(header); /* incoming data has HTTP header */ BIT(header); /* incoming data has HTTP header */
BIT(content_range); /* set TRUE if Content-Range: was found */ BIT(content_range); /* set TRUE if Content-Range: was found */
BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding

2
tests/data/Makefile.inc
View File

@ -63,7 +63,7 @@ test350 test351 test352 test353 test354 test355 test356 \
test393 test394 test395 \ test393 test394 test395 \
\ \
test400 test401 test402 test403 test404 test405 test406 test407 test408 \ test400 test401 test402 test403 test404 test405 test406 test407 test408 \
test409 \ test409 test418 \
\ \
test490 test491 test492 \ test490 test491 test492 \
\ \

155
tests/data/test418 Normal file
View File

@ -0,0 +1,155 @@
<testcase>
<info>
<keywords>
HTTP
gzip
</keywords>
</info>
#
# Server-side
<reply>
<data nocheck="yes">
HTTP/1.1 200 OK
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
Transfer-Encoding: gzip
-foo-
</data>
</reply>
#
# Client-side
<client>
<server>
http
</server>
<name>
Response with multiple Transfer-Encoding headers
</name>
<command>
http://%HOSTIP:%HTTPPORT/418 -sS
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent: curl/.*
</strip>
<protocol>
GET /418 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/7.68.0
Accept: */*
</protocol>
# CURLE_BAD_CONTENT_ENCODING is 61
<errorcode>
61
</errorcode>
<stderr mode="text">
curl: (61) Reject response due to more than 5 content encodings
</stderr>
</verify>
</testcase>