Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

altsvc: reject bad port numbers #9607

Closed
wants to merge 2 commits into from
Closed

altsvc: reject bad port numbers #9607

wants to merge 2 commits into from

Conversation

bagder
Copy link
Member

@bagder bagder commented Sep 27, 2022

The existing code tried but did not properly reject alternative services using negative or too large port numbers.

With this fix, the logic now also flushes the old entries immediately before adding a new one, making a following header with an illegal entry not flush the already stored entry.

Report from the ongoing source code audit by Trail of Bits.

Adjusted test 356 to verify.

bagder added 2 commits Sep 28, 2022
The existing code tried but did not properly reject alternative services
using negative or too large port numbers.

With this fix, the logic now also flushes the old entries immediately
before adding a new one, making a following header with an illegal entry
not flush the already stored entry.

Report from the ongoing source code audit by Trail of Bits.

Adjusted test 356 to verify.

Closes #9607
@bagder bagder force-pushed the bagder/altsvc-badport branch from 7d5684d to 8e5ca27 Compare Sep 28, 2022
@bagder bagder closed this in ac612df Sep 28, 2022
@bagder bagder deleted the bagder/altsvc-badport branch Sep 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant