From 271ac8a2e25e2edd0a2b4906492cd3a687f62889 Mon Sep 17 00:00:00 2001
From: mrlongsword
Date: Fri, 28 Jul 2023 05:36:28 +0800
Subject: [PATCH] fix: heap overflow:CVE-2020-29596
---
 http.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/http.c b/http.c
index 238940b..fa0cd4d 100644
--- a/http.c
+++ b/http.c
@@ -1266,7 +1266,12 @@ int _mwProcessReadSocket(HttpParam* hp, HttpSocket* phsSocket)
 phsSocket->request.pucPayload = malloc(phsSocket->bufferSize);
 phsSocket->pucData = phsSocket->request.pucPayload;
 // payload length already received
+
+ // Fix heap overflow (CVE-2020-29596)
+ // We make sure that the length of phsSocket->dataLength doesn't exceed request.payloadSize
+ if (phsSocket->dataLength > phsSocket->request.payloadSize) phsSocket->dataLength = phsSocket->request.payloadSize;
 phsSocket->dataLength -= phsSocket->request.headerSize;
+
 // copy already received payload to payload buffer
 memcpy(phsSocket->request.pucPayload, phsSocket->buffer + phsSocket->request.headerSize, phsSocket->dataLength);
 phsSocket->request.pucPayload[phsSocket->dataLength]=0;
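Review bot: The added clamp compares `phsSocket->dataLength` with `request.payloadSize` before `request.headerSize` is subtracted, so it bounds header-plus-payload bytes rather than the payload byte count that the `memcpy` and the terminator write actually use. When `payloadSize` is smaller than `headerSize`, the clamp followed by the subtraction leaves `dataLength` negative (or wrapped, if the field is unsigned; its type is declared outside the hunk), and that value then becomes the `memcpy` length and the index in `pucPayload[...]=0`; in other cases a fully received body can be truncated. Subtract first and clamp the result: `phsSocket->dataLength -= phsSocket->request.headerSize;` followed by `if (phsSocket->dataLength > phsSocket->request.payloadSize) phsSocket->dataLength = phsSocket->request.payloadSize;`. This relies on `bufferSize` being at least `payloadSize + 1`, which is set outside the hunk along with the rest of `_mwProcessReadSocket`, so that assumption should be confirmed. The `malloc` result is also used without a NULL check in the visible lines.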