Fix null pointer dereferences and add integer overflow check #258

Merged
merged 3 commits into from Oct 28, 2017

reidmefirst commented Oct 18, 2017

  • Fix two null pointer dereferences in cgi.c (argp may be NULL after walloc/wrealloc calls).
  • Add a check around atoi() call that may result in interpreting content-length as a negative number, which could trigger a DoS with chunked encoding.

@mobrien mobrien merged commit 2cf3936 into embedthis:master Oct 28, 2017
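
An added example, not the code from this pull request: one way to validate a Content-Length value instead of passing it straight to atoi(), which accepts a leading minus sign. The function names and the MAX_BODY_LEN cap are assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Hypothetical cap for this example; a real server would use its configured body limit. */
#define MAX_BODY_LEN (16L * 1024 * 1024)

/*
 * Parse a Content-Length header value (illustrative helper, not from the PR).
 * Returns 0 and stores the length in *out on success; returns -1 if the value
 * is empty, non-numeric, signed, out of range for long, or above MAX_BODY_LEN.
 */
int parse_content_length(const char *value, long *out)
{
    const char *p;
    char *end;
    long n;

    if (value == NULL || out == NULL) {
        return -1;
    }
    /* Skip optional leading whitespace, then require a digit: rejects "-1", "+5", "". */
    for (p = value; *p == ' ' || *p == '\t'; p++) { }
    if (!isdigit((unsigned char) *p)) {
        return -1;
    }
    errno = 0;
    n = strtol(p, &end, 10);
    if (errno == ERANGE) {
        return -1;                      /* value does not fit in a long */
    }
    /* Allow trailing whitespace only; "12abc" is rejected. */
    while (*end == ' ' || *end == '\t') { end++; }
    if (*end != '\0' || n > MAX_BODY_LEN) {
        return -1;
    }
    *out = n;
    return 0;
}

/* The unchecked pattern for comparison: atoi() turns "-1" into a negative length. */
int unchecked_content_length(const char *value)
{
    return atoi(value);
}
```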

mobrien commented Oct 28, 2017

Thanks for the pull request.

I've merged this and blended a similar patch for rxLen into the dev branch. We typically want pull requests vs the dev branch as we can then test before merging back into the master support line.

See the dev commits for the result.

reidmefirst commented Oct 30, 2017

Okay thanks. I'm kind of a git noob, if I do any other pull requests, I'll figure out how to make it against the dev branch instead of master.
