git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

gtls: fail for large files in load_file()

Browse Source 
Used for issuer certs. Limit the size at `CURL_MAX_INPUT_LENGTH`, 8MB.

Bug: https://github.com/curl/curl/pull/21256#discussion_r3045854654

Closes #21257
This commit is contained in:
Viktor Szakats 2026-04-07 17:01:29 +02:00
parent d3dc5dbc87
commit b2a767dbce
No known key found for this signature in database
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/vtls/gtls.c
View File

@ -206,7 +206,7 @@ static gnutls_datum_t load_file(const char *file)
if(fseek(f, 0, SEEK_END) != 0)
goto out;
filelen = ftell(f);
if(filelen < 0)
if(filelen < 0 || filelen > CURL_MAX_INPUT_LENGTH)
goto out;
if(fseek(f, 0, SEEK_SET) != 0)
goto out;