[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 104/178: http2: convert an assert to run-time check
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 104/178: http2: convert an assert to run-time check |
|
Date: |
Wed, 23 May 2018 12:25:39 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 0a3589ccd0dbf5f3a826b669517ccc12893fa153
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sat Apr 21 12:33:52 2018 +0200
http2: convert an assert to run-time check
Fuzzing has proven we can reach code in on_frame_recv with status_code
not having been set, so let's detect that in run-time (instead of with
assert) and error error accordingly.
(This should no longer happen with the latest nghttp2)
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
Closes #2514
---
lib/http2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/http2.c b/lib/http2.c
index fe5fdb1b8..7dea16125 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -624,8 +624,10 @@ static int on_frame_recv(nghttp2_session *session, const
nghttp2_frame *frame,
}
/* nghttp2 guarantees that :status is received, and we store it to
- stream->status_code */
- DEBUGASSERT(stream->status_code != -1);
+ stream->status_code. Fuzzing has proven this can still be reached
+ without status code having been set. */
+ if(stream->status_code == -1)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
/* Only final status code signals the end of header */
if(stream->status_code / 100 != 1) {
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 65/178: test1136: fix cookie order after commit c990eadd1277, (continued)
- [GNUnet-SVN] [gnurl] 65/178: test1136: fix cookie order after commit c990eadd1277, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 84/178: schannel: add client certificate authentication, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 74/178: duphandle: make sure CURLOPT_RESOLVE is duplicated fine too, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 66/178: winbuild: updated the documentation, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 79/178: ssh: show libSSH2 error code when closing fails, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 92/178: detect_proxy: only show proxy use if it had contents, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 82/178: configure: keep LD_LIBRARY_PATH changes local, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 96/178: http2: avoid strstr() on data not zero terminated, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 93/178: ftplistparser: keep state between invokes, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 112/178: examples/http2-upload: expand buffer to avoid silly warning, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 104/178: http2: convert an assert to run-time check,
gnunet <=
- [GNUnet-SVN] [gnurl] 97/178: http2: clear the "drain counter" when a stream is closed, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 102/178: CURLOPT_SSLCERT.3: improve WinSSL-specific usage info, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 89/178: schannel: fix warning, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 109/178: Curl_memchr: zero length input can't match, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 101/178: schannel: fix build error on targets <= XP, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 121/178: cyassl: adapt to libraries without TLS 1.0 support built-in, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 123/178: http2: fix null pointer dereference in http2_connisdead, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 110/178: Revert "ftplistparser: keep state between invokes", gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 126/178: CURLINFO_PROTOCOL.3: mention the existing defined names, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 113/178: ftplistparser: keep state between invokes, gnunet, 2018/05/23