31 lines
929 B
Diff
31 lines
929 B
Diff
From 51c25f470f85b485818c253718594a4d59b39931 Mon Sep 17 00:00:00 2001
|
|
From: Milan Crha <mcrha@redhat.com>
|
|
Date: Tue, 15 Apr 2025 09:03:00 +0200
|
|
Subject: [PATCH] multipart: Fix read out of buffer bounds under
|
|
soup_multipart_new_from_message()
|
|
|
|
This is CVE-2025-32914, special crafted input can cause read out of buffer bounds
|
|
of the body argument.
|
|
|
|
Closes #436
|
|
---
|
|
libsoup/soup-multipart.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/libsoup/soup-multipart.c b/libsoup/soup-multipart.c
|
|
index a7e550f1..dd939739 100644
|
|
--- a/libsoup/soup-multipart.c
|
|
+++ b/libsoup/soup-multipart.c
|
|
@@ -181,7 +181,7 @@ soup_multipart_new_from_message (SoupMessageHeaders *headers,
|
|
return NULL;
|
|
}
|
|
|
|
- split = strstr (start, "\r\n\r\n");
|
|
+ split = g_strstr_len (start, body_end - start, "\r\n\r\n");
|
|
if (!split || split > end) {
|
|
soup_multipart_free (multipart);
|
|
soup_buffer_free (flattened);
|
|
--
|
|
2.49.0
|
|
|