mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-09-28 23:00:50 +00:00
httpc with LWIP_HTTPC_HAVE_FILE_IO: fix heap buffer overflow for long local filenames
See bug #64940
This commit is contained in:
parent
5e3268cf3e
commit
ee1523630a
@ -734,12 +734,17 @@ httpc_fs_init(httpc_filestate_t **filestate_out, const char* local_file_name,
|
|||||||
{
|
{
|
||||||
httpc_filestate_t *filestate;
|
httpc_filestate_t *filestate;
|
||||||
size_t file_len, alloc_len;
|
size_t file_len, alloc_len;
|
||||||
|
mem_size_t alloc_mem_size;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
|
|
||||||
file_len = strlen(local_file_name);
|
file_len = strlen(local_file_name);
|
||||||
alloc_len = sizeof(httpc_filestate_t) + file_len + 1;
|
alloc_len = sizeof(httpc_filestate_t) + file_len + 1;
|
||||||
|
alloc_mem_size = (mem_size_t)alloc_len;
|
||||||
filestate = (httpc_filestate_t *)mem_malloc((mem_size_t)alloc_len);
|
if (alloc_mem_size < alloc_len) {
|
||||||
|
/* overflow */
|
||||||
|
return ERR_MEM;
|
||||||
|
}
|
||||||
|
filestate = (httpc_filestate_t *)mem_malloc(alloc_mem_size);
|
||||||
if (filestate == NULL) {
|
if (filestate == NULL) {
|
||||||
return ERR_MEM;
|
return ERR_MEM;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user