lib-http: response parser: Added check for the range of the response status value.
authorStephan Bosch <stephan@dovecot.fi>
Fri, 20 May 2016 22:16:38 +0000 (00:16 +0200)
committerStephan Bosch <stephan@dovecot.fi>
Thu, 26 May 2016 01:05:44 +0000 (03:05 +0200)
A value of 666 was accepted inappropriately.

src/lib-http/http-response-parser.c

index 81e65acb277b06aebcb90ef3985a45573d0e6f4b..566bcd93995fcad25a8afc0f8326bbb4a34c8d18 100644 (file)
@@ -73,6 +73,9 @@ static int http_response_parse_status(struct http_response_parser *parser)
                return -1;
        parser->response_status =
                (p[0] - '0')*100 + (p[1] - '0')*10 + (p[2] - '0');
+       if (parser->response_status < 100 ||
+               parser->response_status >= 600)
+               return -1;
        parser->parser.cur += 3;
        return 1;
 }
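Review bot: The out-of-range value is written to `parser->response_status` before the added check rejects it, so the parser still holds it (666 in the commit's own example) after the function returns -1. Whether any caller reads the field on the error path is not visible here, because the function starts above the hunk. Parsing into a local of the field's type and storing it only after validation would remove the question: `status = (p[0] - '0')*100 + (p[1] - '0')*10 + (p[2] - '0');`, then `if (status < 100 || status >= 600) return -1;`, then `parser->response_status = status;`. The bounds 100 and 600 also deserve a one-line comment such as `/* only status classes 1xx-5xx are defined; reject everything else */`, since the response comes from an untrusted peer and the next reader should see why the range is what it is.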