mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-30 14:22:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

headers: remove assert from Curl_headers_push

Browse Source 
The fuzzer managed to reach the function without a terminating CR or LF
so let's handle it normally. While there, remove the goto.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839

Closes #12721
This commit is contained in:
Daniel Stenberg 2024-01-16 23:50:02 +01:00
parent 48aaab55a5
commit c8cffcb8d4
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lib/headers.c
View File

@ -291,9 +291,9 @@ CURLcode Curl_headers_push(struct Curl_easy *data, const char *header,
end = strchr(header, '\r');
if(!end) {
end = strchr(header, '\n');
DEBUGASSERT(end);
if(!end)
return CURLE_BAD_FUNCTION_ARGUMENT;
/* neither CR nor LF as terminator is not a valid header */
return CURLE_WEIRD_SERVER_REPLY;
}
hlen = end - header;
@ -320,21 +320,19 @@ CURLcode Curl_headers_push(struct Curl_easy *data, const char *header,
hs->buffer[hlen] = 0; /* nul terminate */
result = namevalue(hs->buffer, hlen, type, &name, &value);
if(result)
goto fail;
if(!result) {
hs->name = name;
hs->value = value;
hs->type = type;
hs->request = data->state.requests;
hs->name = name;
hs->value = value;
hs->type = type;
hs->request = data->state.requests;
/* insert this node into the list of headers */
Curl_llist_insert_next(&data->state.httphdrs, data->state.httphdrs.tail,
hs, &hs->node);
data->state.prevhead = hs;
return CURLE_OK;
fail:
free(hs);
/* insert this node into the list of headers */
Curl_llist_insert_next(&data->state.httphdrs, data->state.httphdrs.tail,
hs, &hs->node);
data->state.prevhead = hs;
}
else
free(hs);
return result;
}