]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0c53a5e)
ws: reject curl_ws_recv called with NULL buffer with a buflen
authorDaniel Stenberg <daniel@haxx.se>
Sun, 21 Sep 2025 08:18:13 +0000 (10:18 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Sun, 21 Sep 2025 09:15:19 +0000 (11:15 +0200)
Arguably this is just a bad application.

Reported in Joshua's sarif data

Closes #18656

lib/ws.c patch | blob | blame | history

diff --git a/lib/ws.c b/lib/ws.c
index c840961d10171be4de07642754fcee819acfc584..b6ab28a35ad0accfb0c3c87b84f1e5312e2a3f4f 100644 (file)
--- a/lib/ws.c
+++ b/lib/ws.c
@@ -1502,7 +1502,7 @@ CURLcode curl_ws_recv(CURL *d, void *buffer,
 
   *nread = 0;
   *metap = NULL;
-  if(!GOOD_EASY_HANDLE(data))
+  if(!GOOD_EASY_HANDLE(data) || (buflen && !buffer))
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
   conn = data->conn;
Mirror of https://github.com/curl/curl.git