1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 11:06:38 +02:00
Files
unrealircd/include
Bram Matthys 717c9cbfa5 Fix OOB write on URL callback with 2GB+ response. Add new size limit.
The OOB write did not happen on file-backed downloads, such as remote
includes. It only happened for memory-backed requests, which are only
these 4 in standard UnrealIRCd: centralblocklist, central spam report,
other spamreport blocks (eg to dronebl) and the log block with
destination webhook. All those 4 cases are very likely to be trusted
web servers, given the nature of the data you are sending to them.

The fix was to extend the size fields everywhere to 64 bits. It was
applied to both URL backends: url_unreal.c and url_curl.c.

The new API feature is a 'max_size' in OutgoingWebRequest, which
defaults to 1MB. This is only used for memory-backed responses,
so not for real file downloads. This fixes not only the reported
bug but also the case where a rogue webserver was unbounded in
terms of what response it could send back, potentially filling
up gigabytes of server memory.

Reported by Link420.
2026-04-21 19:46:21 +02:00
..
2026-04-17 06:13:38 +02:00
2000-02-28 22:45:44 +00:00
2004-05-13 16:39:23 +00:00
2026-03-06 08:23:30 +01:00