From: Daniel Stenberg Date: Wed, 11 Jan 2017 11:15:37 +0000 (+0100) Subject: http2_send: avoid unsigned integer wrap around X-Git-Tag: curl-7_53_0~113 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6778aa46a8e8d27b40692a89f1d3be0e2614abb;p=thirdparty%2Fcurl.git http2_send: avoid unsigned integer wrap around ... when checking for a too large request. --- diff --git a/lib/http2.c b/lib/http2.c index 4cc17ba2b2..9088f4dffe 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1862,28 +1862,22 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex, /* Warn stream may be rejected if cumulative length of headers is too large. It appears nghttp2 will not send a header frame larger than 64KB. */ +#define MAX_ACC 60000 /* <64KB to account for some overhead */ { size_t acc = 0; - const size_t max_acc = 60000; /* <64KB to account for some overhead */ for(i = 0; i < nheader; ++i) { - if(nva[i].namelen > max_acc - acc) - break; - acc += nva[i].namelen; - - if(nva[i].valuelen > max_acc - acc) - break; - acc += nva[i].valuelen; + acc += nva[i].namelen + nva[i].valuelen; DEBUGF(infof(conn->data, "h2 header: %.*s:%.*s\n", nva[i].namelen, nva[i].name, nva[i].valuelen, nva[i].value)); } - if(i != nheader) { + if(acc > MAX_ACC) { infof(conn->data, "http2_send: Warning: The cumulative length of all " - "headers exceeds %zu bytes and that could cause the " - "stream to be rejected.\n", max_acc); + "headers exceeds %zu bytes and that could cause the " + "stream to be rejected.\n", MAX_ACC); } }