42 lines
1.6 KiB
Diff
42 lines
1.6 KiB
Diff
|
From c3857eca70e3bf293fff2fe0b3766cfcad1b1251 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
||
|
|
Date: Sat, 14 Dec 2024 23:09:16 +0100
|
||
|
|
Subject: [PATCH] altsvc: avoid integer overflow in expire calculation
|
||
|
|
|
||
|
|
A bad value here just makes for a bad alt-svc experience, not a security
|
||
|
|
problem.
|
||
|
|
|
||
|
|
Detected by OSS-Fuzz
|
||
|
|
|
||
|
|
Bug: https://issues.oss-fuzz.com/issues/383911309
|
||
|
|
|
||
|
|
Closes #15745
|
||
|
|
|
||
|
|
Conflict:context adapt
|
||
|
|
Reference:https://github.com/curl/curl/commit/c3857eca70e3bf293fff2fe0b3766cfcad1b1251
|
||
|
|
---
|
||
|
|
lib/altsvc.c | 10 +++++++---
|
||
|
|
1 file changed, 7 insertions(+), 3 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/lib/altsvc.c b/lib/altsvc.c
|
||
|
|
index a3ab368c5014..62f2c545fe55 100644
|
||
|
|
--- a/lib/altsvc.c
|
||
|
|
+++ b/lib/altsvc.c
|
||
|
|
@@ -659,9 +659,13 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
|
||
|
|
srcalpnid, dstalpnid,
|
||
|
|
srcport, dstport);
|
||
|
|
if(as) {
|
||
|
|
- /* The expires time also needs to take the Age: value (if any) into
|
||
|
|
- account. [See RFC 7838 section 3.1] */
|
||
|
|
- as->expires = maxage + time(NULL);
|
||
|
|
+ time_t secs = time(NULL);
|
||
|
|
+ /* The expires time also needs to take the Age: value (if any)
|
||
|
|
+ into account. [See RFC 7838 section 3.1] */
|
||
|
|
+ if(maxage > (TIME_T_MAX - secs))
|
||
|
|
+ as->expires = TIME_T_MAX;
|
||
|
|
+ else
|
||
|
|
+ as->expires = maxage + secs;
|
||
|
|
as->persist = persist;
|
||
|
|
Curl_llist_insert_next(&asi->list, asi->list.tail, as, &as->node);
|
||
|
|
infof(data, "Added alt-svc: %s:%d over %s", dsthost, dstport,
|