From: Stephan Bosch
Date: Fri, 20 May 2016 22:16:38 +0000 (+0200)
Subject: lib-http: response parser: Added check for the range of the response status value.
X-Git-Tag: 2.3.0.rc1~3668
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1c2f122ae93d3316f6746f255f6659b510527cc8;p=thirdparty%2Fdovecot%2Fcore.git

lib-http: response parser: Added check for the range of the response status value.

A value of 666 was accepted inappropriately.
---
diff --git a/src/lib-http/http-response-parser.c b/src/lib-http/http-response-parser.c
index 81e65acb27..566bcd9399 100644
--- a/src/lib-http/http-response-parser.c
+++ b/src/lib-http/http-response-parser.c
@@ -73,6 +73,9 @@ static int http_response_parse_status(struct http_response_parser *parser)
 return -1;
 parser->response_status =
 (p[0] - '0')*100 + (p[1] - '0')*10 + (p[2] - '0');
+ if (parser->response_status < 100 ||
+ parser->response_status >= 600)
+ return -1;
 parser->parser.cur += 3;
 return 1;
 }
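Review bot: The new range check runs after `parser->response_status` has already been written, so a rejected value such as 666 stays in the parser state when the function returns -1. Whether anything reads that field after a failed parse is not visible here (the function body starts above the hunk), but validating a local first removes the question: compute the three-digit value into a local `status`, then `if (status < 100 || status >= 600) return -1;` followed by `parser->response_status = status;`. A one-line comment on the check, e.g. `/* only status classes 1xx-5xx are defined (RFC 7231, Section 6) */`, would tell the next reader why 600 is the bound.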