Closed
Bug 139956
Opened 22 years ago
Closed 22 years ago
Buffer overflow in plugin Post URL's (plus Fix)
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: shilad, Assigned: srgchrpv)
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417 BuildID: 2002041717 Bug in ParsePostBufferToFixHeaders results in a buffer overflow. Reproducible: Always Steps to Reproduce: 1.Call NPN_PostURL with data with a leading "\n" 2.HTTP Server gets send invalid content 3. Actual Results: POST Message + additional garbage received by server Expected Results: POST Message received by server I've included a single line fix: nsPluginHostImpl.cpp, line 6331; add the following: 6327 nsMemory::Free(p); 6328 *outPostData = 0; 6329 return NS_ERROR_FAILURE; 6330 } 6331 p += headersLen; 6332 newBufferLen = headersLen + dataLen; /* new line shilad */ 6333 }
Comment 1•22 years ago
|
||
-->over to serge (maybe can add to one of the patches in progress)
Assignee: beppe → serge
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 2•22 years ago
|
||
good finding, thanks Shilad. your patch is in by check in for bug 130080. resoled as fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•