From 51c25f470f85b485818c253718594a4d59b39931 Mon Sep 17 00:00:00 2001
From: Milan Crha
Date: Tue, 15 Apr 2025 09:03:00 +0200
Subject: [PATCH] multipart: Fix read out of buffer bounds under soup_multipart_new_from_message()

This is CVE-2025-32914, special crafted input can cause read out of buffer bounds of the body argument.

Closes #436
---
 libsoup/soup-multipart.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
index a7e550f1..dd939739 100644
--- a/libsoup/soup-multipart.c
+++ b/libsoup/soup-multipart.c
@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
 return NULL;
 }

- split = strstr (start, "\r\n\r\n");
+ split = g_strstr_len (start, body_end - start, "\r\n\r\n");
 if (!split || split > end) {
 soup_multipart_free (multipart);
 soup_buffer_free (flattened);
--
2.49.0
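Review bot: The bound `body_end - start` on the added `g_strstr_len` line only protects the read while `start <= body_end`, because g_strstr_len() treats a negative length as "search up to the NUL terminator" and would then behave like the unbounded strstr() this commit removes. The function body starts and ends outside the hunk, so where `start` and `body_end` are set is not visible here; the invariant should be confirmed and stated at the call, e.g. `/* start never passes body_end here, so the length is non-negative and the search stays inside the body buffer */`, or enforced with an explicit `start > body_end` check that takes the same cleanup path as the `!split` branch. g_strstr_len() also stops at an embedded NUL byte, so a part with a NUL ahead of its `\r\n\r\n` is still rejected by the `!split` check, which looks intended but deserves a short comment. The diffstat shows only soup-multipart.c changed, so a regression test that feeds a body with no NUL terminator and no `\r\n\r\n` after the boundary would keep this fix from regressing.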