git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

curl_get_line: error out on read errors

Browse Source 
Missing ferror handling in Curl_get_line causes infinite loops on I/O
errors, leading to denial-of-service hangs for config/cache file loads.

Follow-up to 769ccb4d42

Pointed out by Codex Security

Closes #20958
This commit is contained in:
Daniel Stenberg 2026-03-17 13:55:21 +01:00
parent adda11330b
commit ae09e5bf0d
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/curl_get_line.c
View File

@ -40,6 +40,8 @@ CURLcode Curl_get_line(struct dynbuf *buf, FILE *input, bool *eof)
while(1) { while(1) {
size_t rlen; size_t rlen;
const char *b = fgets(buffer, sizeof(buffer), input); const char *b = fgets(buffer, sizeof(buffer), input);
if(!b && ferror(input))
return CURLE_READ_ERROR;
*eof = feof(input); *eof = feof(input);