romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:41:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

altsvc: avoid integer overflow in expire calculation

Browse source 
A bad value here just makes for a bad alt-svc experience, not a security
problem.

Detected by OSS-Fuzz

Bug: https://issues.oss-fuzz.com/issues/383911309

Closes #15745
This commit is contained in:
Daniel Stenberg 2024-12-14 23:09:16 +01:00
parent f7cd713d38
commit c3857eca70
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/altsvc.c
View file

@ -659,9 +659,13 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
srcalpnid, dstalpnid,
srcport, dstport);
if(as) {
/* The expires time also needs to take the Age: value (if any) into
account. [See RFC 7838 section 3.1] */
as->expires = maxage + time(NULL);
time_t secs = time(NULL);
/* The expires time also needs to take the Age: value (if any)
into account. [See RFC 7838 section 3.1] */
if(maxage > (TIME_T_MAX - secs))
as->expires = TIME_T_MAX;
else
as->expires = maxage + secs;
as->persist = persist;
Curl_llist_append(&asi->list, as, &as->node);
infof(data, "Added alt-svc: %s:%d over %s", dsthost, dstport,