代码拉取完成,页面将自动刷新
From c3857eca70e3bf293fff2fe0b3766cfcad1b1251 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 14 Dec 2024 23:09:16 +0100
Subject: [PATCH] altsvc: avoid integer overflow in expire calculation
A bad value here just makes for a bad alt-svc experience, not a security
problem.
Detected by OSS-Fuzz
Bug: https://issues.oss-fuzz.com/issues/383911309
Closes #15745
Conflict:context adapt
Reference:https://github.com/curl/curl/commit/c3857eca70e3bf293fff2fe0b3766cfcad1b1251
---
lib/altsvc.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/altsvc.c b/lib/altsvc.c
index a3ab368c5014..62f2c545fe55 100644
--- a/lib/altsvc.c
+++ b/lib/altsvc.c
@@ -659,9 +659,13 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
srcalpnid, dstalpnid,
srcport, dstport);
if(as) {
- /* The expires time also needs to take the Age: value (if any) into
- account. [See RFC 7838 section 3.1] */
- as->expires = maxage + time(NULL);
+ time_t secs = time(NULL);
+ /* The expires time also needs to take the Age: value (if any)
+ into account. [See RFC 7838 section 3.1] */
+ if(maxage > (TIME_T_MAX - secs))
+ as->expires = TIME_T_MAX;
+ else
+ as->expires = maxage + secs;
as->persist = persist;
Curl_llist_insert_next(&asi->list, asi->list.tail, as, &as->node);
infof(data, "Added alt-svc: %s:%d over %s", dsthost, dstport,
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手