mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-18 14:04:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

strtoofft: after space, there cannot be a control code

Browse Source 
With the change from ISSPACE() to ISBLANK() this function no longer
deals with (ignores) control codes the same way, which could lead to
this function returning unexpected values like in the case of
"Content-Length: \r-12354".

Follow-up to 6f9fb7ec2d

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
Assisted-by: Max Dymond
Closes #9458
This commit is contained in:
Daniel Stenberg 2022-09-09 12:46:01 +02:00
parent 9c9e83931e
commit 279f638b74
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/strtoofft.c
View File

@ -224,7 +224,7 @@ CURLofft curlx_strtoofft(const char *str, char **endp, int base,
while(*str && ISBLANK(*str))
str++;
if('-' == *str) {
if(('-' == *str) || (ISSPACE(*str))) {
if(endp)
*endp = (char *)str; /* didn't actually move */
return CURL_OFFT_INVAL; /* nothing parsed */