romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:41:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

curl_get_line: fix potential infinite loop when filename is a directory

Browse source 
Fix potential inifinite loop reading file content with `Curl_get_line()`
when a filename passed via these options are pointing to a directory
entry (on non-Windows):

- `--alt-svc` / `CURLOPT_ALTSVC`
- `-b` / `--cookie` / `CURLOPT_COOKIEFILE`
- `--hsts` / `CURLOPT_HSTS`
- `--netrc-file` / `CURLOPT_NETRC_FILE`

Fix by checking for this condition and silently skipping such filename
without attempting to read content. Add test 1713 to verify.

Mention in cookie documentation as an accepted case, also show a verbose
message when a directory is detected. Extend test 46 to verify if such
failure lets the logic continue to the next cookie file.

Reported-and-based-on-patch-by: Richard Tollerton
Fixes #20823
Closes #20826 (originally-based-on)
Follow-up to 769ccb4d42 #19140

Closes #20873
This commit is contained in:
Viktor Szakats 2026-03-10 01:03:13 +01:00
parent 6d87eb2878
commit e76968e20d
No known key found for this signature in database
9 changed files with 116 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

29
lib/altsvc.c
View file

@ -208,19 +208,22 @@ static CURLcode altsvc_load(struct altsvcinfo *asi, const char *file)
fp = curlx_fopen(file, FOPEN_READTEXT);
if(fp) {
bool eof = FALSE;
struct dynbuf buf;
curlx_dyn_init(&buf, MAX_ALTSVC_LINE);
do {
result = Curl_get_line(&buf, fp, &eof);
if(!result) {
const char *lineptr = curlx_dyn_ptr(&buf);
curlx_str_passblanks(&lineptr);
if(curlx_str_single(&lineptr, '#'))
altsvc_add(asi, lineptr);
}
} while(!result && !eof);
curlx_dyn_free(&buf); /* free the line buffer */
curlx_struct_stat stat;
if((curlx_fstat(fileno(fp), &stat) == -1) || !S_ISDIR(stat.st_mode)) {
bool eof = FALSE;
struct dynbuf buf;
curlx_dyn_init(&buf, MAX_ALTSVC_LINE);
do {
result = Curl_get_line(&buf, fp, &eof);
if(!result) {
const char *lineptr = curlx_dyn_ptr(&buf);
curlx_str_passblanks(&lineptr);
if(curlx_str_single(&lineptr, '#'))
altsvc_add(asi, lineptr);
}
} while(!result && !eof);
curlx_dyn_free(&buf); /* free the line buffer */
}
curlx_fclose(fp);
}
return result;