List Info

Thread: CR: Fix for bug 211207
CR: Fix for bug 211207
country flaguser name
United States		 2008-01-18 14:25:11 
Description
-------------------------------------
This changes fixes a crash in the http filesystem when
a malicious chunked encoding chunk size is constructed.
This crash is detailed in bug 211207.

Files Modified
-------------------------------------
filesystem/http/httpfsys.cpp

Branches
-------------------------------------
HEAD, 150Cay, 203Cay, 204Cay, 310Atlas



=====================================
Eric Hyche, Technical Lead
RealNetworks, Inc.
ehychereal.com

_______________________________________________
Filesystem-dev mailing list
Filesystem-devhelixcommunity.org
http://lists.helixcommunity.org/mailman/listinfo/
filesystem-dev
  
  
Re: CR: Fix for bug 211207
country flaguser name
United States		 2008-01-18 14:30:23 
+            INT32 lSize = (INT32)
strtol(pChunkedEncoding->buf, &errstr, 16);
+            if (lSize >= 0)
+            {
+

  || pChunkedEncoding->buf==errstr ???

Looks good.
--greg.



Eric Hyche wrote:
> Description
> -------------------------------------
> This changes fixes a crash in the http filesystem when
> a malicious chunked encoding chunk size is
constructed.
> This crash is detailed in bug 211207.
> 
> Files Modified
> -------------------------------------
> filesystem/http/httpfsys.cpp
> 
> Branches
> -------------------------------------
> HEAD, 150Cay, 203Cay, 204Cay, 310Atlas
> 
> 
> 
> =====================================
> Eric Hyche, Technical Lead
> RealNetworks, Inc.
> ehychereal.com
> 
> 
>
------------------------------------------------------------
------------
> 
> _______________________________________________
> Filesystem-dev mailing list
> Filesystem-devhelixcommunity.org
> http://lists.helixcommunity.org/mailman/listinfo/
filesystem-dev


_______________________________________________
Filesystem-dev mailing list
Filesystem-devhelixcommunity.org
http://lists.helixcommunity.org/mailman/listinfo/
filesystem-dev
RE: CR: Fix for bug 211207
country flaguser name
United States		 2008-01-18 14:48:02 
Thanks - I added the errstr check, and checked
into HEAD, 150Cay, 203Cay, 204Cay, and 310Atlas.

Eric

=============================================
Eric Hyche (ehychereal.com)
Technical Lead
RealNetworks, Inc.  

> -----Original Message-----
> From: Greg Wright [mailto:gwrightreal.com] 
> Sent: Friday, January 18, 2008 3:30 PM
> To: ehychereal.com
> Cc: filesystem-devlists.helixcommunity.org
> Subject: Re: [Filesystem-dev] CR: Fix for bug 211207
> 
> +            INT32 lSize = (INT32) 
> strtol(pChunkedEncoding->buf, &errstr, 16);
> +            if (lSize >= 0)
> +            {
> +
> 
>   || pChunkedEncoding->buf==errstr ???
> 
> Looks good.
> --greg.
> 
> 
> 
> Eric Hyche wrote:
> > Description
> > -------------------------------------
> > This changes fixes a crash in the http filesystem
when
> > a malicious chunked encoding chunk size is
constructed.
> > This crash is detailed in bug 211207.
> > 
> > Files Modified
> > -------------------------------------
> > filesystem/http/httpfsys.cpp
> > 
> > Branches
> > -------------------------------------
> > HEAD, 150Cay, 203Cay, 204Cay, 310Atlas
> > 
> > 
> > 
> > =====================================
> > Eric Hyche, Technical Lead
> > RealNetworks, Inc.
> > ehychereal.com
> > 
> > 
> > 
>
------------------------------------------------------------
--
> ----------
> > 
> > _______________________________________________
> > Filesystem-dev mailing list
> > Filesystem-devhelixcommunity.org
> > http://lists.helixcommunity.org/mailman/listinfo/
filesystem-dev
> 


_______________________________________________
Filesystem-dev mailing list
Filesystem-devhelixcommunity.org
http://lists.helixcommunity.org/mailman/listinfo/
filesystem-dev
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )