mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-07-08 04:08:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix some glitches in redbean

Browse source 
This change includes a fix to Fetch() where an out of bounds memory read
could happen, when the reverse proxied endpoint omits the content-length
header. This caused a bunch of NUL chars to appear on TurfWar's /statusz
since it wouldn't actually overrun the buffer, and if it did it would've
been caught by MODE=asan builds.
This commit is contained in:
Justine Tunney 2022-11-02 09:42:52 -07:00
parent 14d036b68d
commit 6b06a8176d
No known key found for this signature in database
GPG key ID: BE714B4575D6E328
6 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tool/net/fetch.inc
View file

@ -364,7 +364,7 @@ static int LuaFetch(lua_State *L) {
break;
case kHttpClientStateBody:
if (!g) {
paylen = inbuf.n;
paylen = inbuf.n - hdrsize;
goto Finished;
}
break;

2
tool/net/redbean.c
View file

@ -6153,7 +6153,7 @@ static char *ServeAsset(struct Asset *a, const char *path, size_t pathlen) {
((cpm.contentlength >= 100 && _startswithi(ct, "text/")) ||
(cpm.contentlength >= 1000 &&
MeasureEntropy(cpm.content, 1000) < 7))) {
WARNF("serving compressed asset");
VERBOSEF("serving compressed asset");
p = ServeAssetCompressed(a);
} else {
p = ServeAssetIdentity(a, ct);