[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 63/222: cookie: pass in the correct cookie amount to qsort()
From: |
gnunet |
Subject: |
[gnurl] 63/222: cookie: pass in the correct cookie amount to qsort() |
Date: |
Thu, 07 Nov 2019 00:09:19 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 0801343e27d4540afcdbbd8fe46aabaddd9da321
Author: Daniel Stenberg <address@hidden>
AuthorDate: Wed Sep 18 14:29:35 2019 +0200
cookie: pass in the correct cookie amount to qsort()
As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have however not found
it a security problem.
Reported-by: Paul Dreik
Closes #4386
---
lib/cookie.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index 53ca40237..0e71129de 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1528,28 +1528,28 @@ static int cookie_output(struct CookieInfo *c, const
char *dumphere)
if(c->numcookies) {
unsigned int i;
- unsigned int j;
+ size_t nvalid = 0;
struct Cookie **array;
- array = malloc(sizeof(struct Cookie *) * c->numcookies);
+ array = calloc(1, sizeof(struct Cookie *) * c->numcookies);
if(!array) {
if(!use_stdout)
fclose(out);
return 1;
}
- j = 0;
+ /* only sort the cookies with a domain property */
for(i = 0; i < COOKIE_HASH_SIZE; i++) {
for(co = c->cookies[i]; co; co = co->next) {
if(!co->domain)
continue;
- array[j++] = co;
+ array[nvalid++] = co;
}
}
- qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct);
+ qsort(array, nvalid, sizeof(struct Cookie *), cookie_sort_ct);
- for(i = 0; i < j; i++) {
+ for(i = 0; i < nvalid; i++) {
char *format_ptr = get_netscape_format(array[i]);
if(format_ptr == NULL) {
fprintf(out, "#\n# Fatal libcurl error\n");
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 48/222: imap: merged two case-branches performing the same action, (continued)
- [gnurl] 48/222: imap: merged two case-branches performing the same action, gnunet, 2019/11/06
- [gnurl] 50/222: mime: make Curl_mime_duppart() assert if called without valid dst, gnunet, 2019/11/06
- [gnurl] 57/222: tool_operate: Expression 'config->resume_from' is always true, gnunet, 2019/11/06
- [gnurl] 67/222: http: fix warning on conversion from int to bit, gnunet, 2019/11/06
- [gnurl] 81/222: libssh: The expression is excessive or contains a misprint, gnunet, 2019/11/06
- [gnurl] 51/222: setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly, gnunet, 2019/11/06
- [gnurl] 52/222: urlapi: part of conditional expression is always true: (relurl[0] == '/'), gnunet, 2019/11/06
- [gnurl] 56/222: tool_getparam: remove duplicate switch case, gnunet, 2019/11/06
- [gnurl] 65/222: appveyor: upgrade VS2017 to VS2019, gnunet, 2019/11/06
- [gnurl] 62/222: urlapi: avoid index underflow for short ipv6 hostnames, gnunet, 2019/11/06
- [gnurl] 63/222: cookie: pass in the correct cookie amount to qsort(),
gnunet <=
- [gnurl] 66/222: urldata: use 'bool' for the bit type on MSVC compilers, gnunet, 2019/11/06
- [gnurl] 73/222: RELEASE-NOTES: synced, gnunet, 2019/11/06
- [gnurl] 72/222: openssl: fix compiler warning with LibreSSL, gnunet, 2019/11/06
- [gnurl] 79/222: vauth: The parameter 'status' must be surrounded by parentheses, gnunet, 2019/11/06
- [gnurl] 78/222: doh: allow only http and https in debug mode, gnunet, 2019/11/06
- [gnurl] 71/222: curl: exit the create_transfers loop on errors, gnunet, 2019/11/06
- [gnurl] 80/222: quiche: The expression must be surrounded by parentheses, gnunet, 2019/11/06
- [gnurl] 69/222: travis: enable ngtcp2 h3-23 builds, gnunet, 2019/11/06
- [gnurl] 86/222: strcase: fix raw lowercasing the letter X, gnunet, 2019/11/06
- [gnurl] 85/222: http2: Expression 'stream->stream_id != - 1' is always true, gnunet, 2019/11/06