nghttp2/nghttp2
1
0
Fork 0
mirror of https://github.com/nghttp2/nghttp2.git synced 2025-12-07 18:48:54 +08:00
Code Issues Projects Releases Wiki Activity

Prevent undefined behavior in decode_length

Browse Source
This commit is contained in:
Matt Rudary
2016-11-11 11:12:43 -05:00
committed by Tatsuhiro Tsujikawa
parent d8b13bd417
commit b87066da92
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@@ -32,6 +32,7 @@ Etienne Cimon
Fabian Möller Fabian Möller
Fabian Wiesel Fabian Wiesel
Gabi Davar Gabi Davar
Google Inc.
Jacob Champion Jacob Champion
Jan-E Jan-E
Janusz Dziemidowicz Janusz Dziemidowicz

5
lib/nghttp2_hd.c
View File

@@ -864,6 +864,11 @@ static ssize_t decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
for (; in != last; ++in, shift += 7) { for (; in != last; ++in, shift += 7) {
uint32_t add = *in & 0x7f; uint32_t add = *in & 0x7f;
if (shift >= 32) {
DEBUGF("inflate: shift exponent overflow\n");
return -1;
}
if ((UINT32_MAX >> shift) < add) { if ((UINT32_MAX >> shift) < add) {
DEBUGF("inflate: integer overflow on shift\n"); DEBUGF("inflate: integer overflow on shift\n");
return -1; return -1;