- Committer: Daniel Wagner
- Author(s): Nathan Crandall
- Date: 2022-08-01 06:41:03 UTC
- Revision ID: git-v1:d1a5ede5d255bde8ef707f8441b997563b9312bd
gweb: Fix OOB write in received_data()

There is a mismatch of handling binary vs. C-string data with memchr
and strlen, causing pos, count, and bytes_read to become out of
sync and resulting in a heap overflow. Instead, do not treat the buffer
as an ASCII C-string. We calculate the count based on the return value
of memchr, instead of strlen.

Fixes: CVE-2022-32292
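
The mismatch the commit message describes, as an added illustration that is not ConnMan's code: a length-bounded `memchr()` sees past an embedded NUL byte while `strlen()` stops at it, so a count taken from `strlen()` disagrees with the real line length and the remaining-byte bookkeeping drifts. All names (`line_len_memchr`, `line_len_strlen`, `bytes_left`, `SAMPLE`) and the sample bytes are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, not ConnMan data: one "line" holding a NUL byte
 * before its terminating '\n', followed by three more bytes. */
static const unsigned char SAMPLE[] = { 'a', 'b', 0, 'c', 'd', '\n', 'x', 'y', 'z' };

/* Binary-safe: the line length is the distance to the pointer memchr()
 * returned. Returns len when the buffer holds no complete line. */
size_t line_len_memchr(const unsigned char *buf, size_t len)
{
    const unsigned char *nl = memchr(buf, '\n', len);
    return nl ? (size_t)(nl - buf) : len;
}

/* Mismatched (hypothetical): memchr() finds the newline in binary data, but
 * the length is measured with strlen(), which stops at the first NUL. */
size_t line_len_strlen(unsigned char *buf, size_t len)
{
    unsigned char *nl = memchr(buf, '\n', len);
    if (!nl)
        return len;
    *nl = '\0';                       /* terminate the line in place */
    return strlen((const char *)buf); /* can be shorter than nl - buf */
}

/* Bytes a caller would believe are still unread after consuming a line
 * of `count` bytes plus its newline; 0 when no full line was consumed. */
size_t bytes_left(size_t len, size_t count)
{
    return count < len ? len - count - 1 : 0;
}

size_t sample_memchr(void) { return line_len_memchr(SAMPLE, sizeof SAMPLE); }
size_t sample_strlen(void)
{
    unsigned char copy[sizeof SAMPLE];
    memcpy(copy, SAMPLE, sizeof copy);
    return line_len_strlen(copy, sizeof copy);
}

int main(void)
{
    size_t len = sizeof SAMPLE;
    printf("memchr: count=%zu left=%zu\n", sample_memchr(), bytes_left(len, sample_memchr()));
    printf("strlen: count=%zu left=%zu (only 3 bytes follow the newline)\n",
           sample_strlen(), bytes_left(len, sample_strlen()));
    return 0;
}
```

With the `strlen()` count the caller believes 6 bytes remain when only 3 follow the newline, which is the kind of desynchronised length state the fix removes by deriving the count from the `memchr()` result.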