From ee1523630a81fffa6b7d93dd0c7a6191de5856cd Mon Sep 17 00:00:00 2001
From: Simon Goldschmidt <goldsimon@gmx.de>
Date: Wed, 29 Nov 2023 21:35:06 +0100
Subject: [PATCH] httpc with LWIP_HTTPC_HAVE_FILE_IO: fix heap buffer overflow
 for long local filenames

See bug #64940
---
 src/apps/http/http_client.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/apps/http/http_client.c b/src/apps/http/http_client.c
index 8d80cc25..32c6f6c2 100644
--- a/src/apps/http/http_client.c
+++ b/src/apps/http/http_client.c
@@ -734,12 +734,17 @@ httpc_fs_init(httpc_filestate_t **filestate_out, const char* local_file_name,
 {
   httpc_filestate_t *filestate;
   size_t file_len, alloc_len;
+  mem_size_t alloc_mem_size;
   FILE *f;
 
   file_len = strlen(local_file_name);
   alloc_len = sizeof(httpc_filestate_t) + file_len + 1;
-
-  filestate = (httpc_filestate_t *)mem_malloc((mem_size_t)alloc_len);
+  alloc_mem_size = (mem_size_t)alloc_len;
+  if (alloc_mem_size < alloc_len) {
+    /* overflow */
+    return ERR_MEM;
+  }
+  filestate = (httpc_filestate_t *)mem_malloc(alloc_mem_size);
   if (filestate == NULL) {
     return ERR_MEM;
   }