[vlc-devel] [PATCH] httpcookies: fix heap read overflow (fixes #12674)

Sun Nov 2 20:28:10 CET 2014

On 02.11.2014 17:08, Rémi Denis-Courmont wrote:
> Cc: Antti Ajanki <antti.ajanki at iki.fi>
> ---
>   src/misc/httpcookies.c | 14 ++++++++++----
>   1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/src/misc/httpcookies.c b/src/misc/httpcookies.c
> index 4536880..7bd9850 100644
> --- a/src/misc/httpcookies.c
> +++ b/src/misc/httpcookies.c
> @@ -332,10 +332,16 @@ static bool cookie_domain_matches( const http_cookie_t * cookie, const char *hos
>   
>       size_t host_len = strlen(host);
>       size_t cookie_domain_len = strlen(cookie->psz_domain);
> -    int i = host_len - cookie_domain_len;
> -    bool is_suffix = ( i > 0 ) &&
> -        vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
> -    bool has_dot_before_suffix = host[i-1] == '.';
> +    bool is_suffix = false, has_dot_before_suffix = false;
> +
> +    if( host_len > cookie_domain_len )
> +    {
> +        size_t i = host_len - cookie_domain_len;
> +
> +        is_suffix = vlc_ascii_strcasecmp( &host[i], cookie->psz_domain ) == 0;
> +        has_dot_before_suffix = host[i-1] == '.';
> +    }
> +
>       bool host_is_ipv4 = strspn(host, "0123456789.") == host_len;
>       bool host_is_ipv6 = strchr(host, ':') != NULL;
>       return is_suffix && has_dot_before_suffix &&

Looks good to me.

Antti