SPTCH-3194: fix fail code returned if 401 Unauthorized on range request #5

Merged: sergio-nsk merged 1 commit into snxd-7.87.0 from sergey/SPTCH-3194/2 on Jan 16, 2023


@sergio-nsk

Data range can be requested and 401 Unauthorized can be responded with a body unrelated to the requested content, and without Content-Range header, with unrelated Content-Length value. curl_easy_perform() fails with the error CURLE_RANGE_ERROR. It should not fail.

The branch was made protected, I had no chance to update it directly.

Data range can be requested and 401 Unauthorized can be responded with a body
unrelated to the requested content, and without Content-Range header, with
unrelated Content-Length value. `curl_easy_perform()` fails with the error
`CURLE_RANGE_ERROR`. It should not fail.

sergio-nsk added the bug (Something isn't working) label Jan 16, 2023
sergio-nsk requested a review from nmoinvaz January 16, 2023 21:25
sergio-nsk enabled auto-merge (rebase) January 16, 2023 21:25
sergio-nsk merged commit 7740245 into snxd-7.87.0 Jan 16, 2023
sergio-nsk deleted the sergey/SPTCH-3194/2 branch January 16, 2023 21:28

@nmoinvaz

This change was from an old PR that possibly did not get merged into the recent branch.

@nmoinvaz

curl#9401

sergio-nsk added a commit that referenced this pull request Jul 31, 2023
Further `u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.
```
==2676==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x04d48c75 at pc 0x0112708a bp 0x006fb7e0 sp 0x006fb3c4
READ of size 78 at 0x04d48c75 thread T0
    #0 0x1127089 in __asan_wrap_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840
    #1 0x1891a0e in Curl_memdup C:\actions-runner\_work\client\client\third_party\curl\lib\strdup.c:97
    #2 0x18db4b0 in parseurl C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1297
    #3 0x18db819 in parseurl_and_replace C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1342
    #4 0x18d6e39 in curl_url_set C:\actions-runner\_work\client\client\third_party\curl\lib\urlapi.c:1790
    #5 0x1877d3e in parseurlandfillconn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:1768
    #6 0x1871acf in create_conn C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3403
    #7 0x186d8dc in Curl_connect C:\actions-runner\_work\client\client\third_party\curl\lib\url.c:3888
    #8 0x1856b78 in multi_runsingle C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:1982
    #9 0x18531e3 in curl_multi_perform C:\actions-runner\_work\client\client\third_party\curl\lib\multi.c:2756
```
nmoinvaz pushed a commit that referenced this pull request Aug 8, 2023
`u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-terminator.

Closes curl#11560
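
The commit messages above report `Curl_memdup(path, pathlen + 1)` reading past the null terminator, which means the length passed in was larger than the string it described. The following is an added example, not code from this pull request or from curl: `bounded_len`, `dup_bounded` and `stale_overread` are hypothetical helpers, and the way the length goes stale (an in-place shortening) is a constructed scenario, since the page does not show the cause.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of `s`, never scanning past the terminator or `claimed` bytes. */
static size_t bounded_len(const char *s, size_t claimed)
{
  size_t n = 0;
  while(n < claimed && s[n]) n++;
  return n;
}

/* Hypothetical hardened duplicate: copies up to the terminator or `claimed`
   bytes, whichever comes first, and always terminates the copy. */
static char *dup_bounded(const char *s, size_t claimed, size_t *outlen)
{
  size_t n = bounded_len(s, claimed);
  char *copy = malloc(n + 1);
  if(!copy) return NULL;
  memcpy(copy, s, n);
  copy[n] = '\0';
  *outlen = n;
  return copy;
}

/* Constructed scenario: length measured, string then shortened in place and
   its block shrunk. Returns the bytes memdup(path, stale + 1) would over-read. */
static size_t stale_overread(const char *input, size_t keep)
{
  size_t real, stale = strlen(input);
  char *fit, *path = malloc(stale + 1);
  if(!path || keep > stale) { free(path); return 0; }
  memcpy(path, input, stale + 1);
  path[keep] = '\0';               /* shortened; `stale` is not updated */
  fit = realloc(path, keep + 1);   /* block now ends at the terminator */
  if(fit) path = fit;
  real = bounded_len(path, stale); /* safe scan, stops at the terminator */
  free(path);
  return stale - real;
}

int main(void)
{
  size_t n = 0;
  char *c = dup_bounded("/a/b", 7, &n); /* claimed length is too large */
  printf("copied %zu, stale length would over-read %zu\n", n, stale_overread("/a/b///", 4));
  free(c);
  return 0;
}
```

Building the unbounded variant with `-fsanitize=address` is what surfaces this class of bug as the `heap-buffer-overflow` READ shown in the trace above.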