From: Amos Jeffries
Date: Sat, 5 Jan 2013 08:14:46 +0000 (-0700)
Subject: squidpurge: ensure PURGE repsonse buffer is terminated
X-Git-Tag: SQUID_3_4_0_1~395
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3efeeda272a15497d732b87fcc00b3a78d8a025f;p=thirdparty%2Fsquid.git
squidpurge: ensure PURGE repsonse buffer is terminated
Detected by Coverity Scan. Issue 965807. Also, additional validation check for issue 740488
---
diff --git a/tools/purge/purge.cc b/tools/purge/purge.cc
index db8e640a2d..67baa971d8 100644
--- a/tools/purge/purge.cc
+++ b/tools/purge/purge.cc
@@ -353,13 +353,15 @@ action( int fd, size_t metasize,
 return false;
 }
 memset( buffer+8, 0, 4 );
- if ( read( sockfd, buffer, bufsize ) < 1 ) {
+ int readLen = read(sockfd, buffer, bufsize);
+ if (readLen < 1) {
 // error while reading squid's answer
 fprintf( stderr, "unable to read answer: %s\n", strerror(errno) );
 close(sockfd);
 delete[] buffer;
 return false;
 }
+ buffer[bufsize-1] = '\0';
 close(sockfd);
 int64_t s = strtol(buffer+8,0,10);
 if (s > 0 && s < 1000)
@@ -425,6 +427,10 @@ match( const char* fn, const REList* list )
 while ( offset + addon <= datastart ) {
 unsigned int size = 0;
 memcpy( &size, linebuffer+offset+sizeof(char), sizeof(unsigned int) );
+ if (size+offset < size) {
+ fputs("WARNING: file corruption detected. 32-bit overflow in size field.\n", stderr);
+ break;
+ }
 if (size+offset > readLen) {
 fputs( "WARNING: Partial meta data loaded.\n", stderr );
 break;
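Review bot: The terminator added after the read is written at `buffer[bufsize-1]` rather than at the end of the data actually received, so when `read()` returns fewer than `bufsize` bytes everything between `readLen` and the last byte is still whatever the buffer held before the call. The `strtol(buffer+8, …)` that follows can run on into those stale bytes if the reply ends inside the number, and `readLen` is otherwise unused after the error check. Reading one byte less and terminating at the length closes the gap: `ssize_t readLen = read(sockfd, buffer, bufsize - 1);` and, after the error check, `buffer[readLen] = '\0';`. `ssize_t` also matches the return type of `read()`, which `int` narrows. action() begins and ends outside the hunk, so how `buffer` was filled before the read is not visible here.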
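Review bot: The new wrap test `size+offset < size` only detects overflow if the sum is evaluated in 32 bits, which depends on the type of `offset`, declared outside this hunk; if `offset` is a wider type such as `size_t` on a 64-bit build, the condition can never be true and the warning is dead code. Writing the bound as a subtraction, `if (offset > readLen || size > readLen - offset)`, makes the range check independent of operand width, assuming `offset` and `readLen` are non-negative at this point. Since `size` is copied straight out of the file contents in `linebuffer`, a comment such as `// size is read from on-disk meta data and must be treated as untrusted` above the `memcpy` would record why both checks exist. The while loop and match() continue outside the hunk.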