diff options
Diffstat (limited to 'cve-2023-27371.patch')
| -rw-r--r-- | cve-2023-27371.patch | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/cve-2023-27371.patch b/cve-2023-27371.patch new file mode 100644 index 0000000..fa85125 --- /dev/null +++ b/cve-2023-27371.patch @@ -0,0 +1,15 @@ +diff --git a/src/microhttpd/postprocessor.c b/src/microhttpd/postprocessor.c +index 99074215..c00605c7 100644 +--- a/src/microhttpd/postprocessor.c ++++ b/src/microhttpd/postprocessor.c +@@ -83,7 +83,7 @@ MHD_create_post_processor (struct MHD_Connection *connection, + return NULL; /* failed to determine boundary */ + boundary += MHD_STATICSTR_LEN_ ("boundary="); + blen = strlen (boundary); +- if ( (blen == 0) || ++ if ( (blen < 2) || + (blen * 2 + 2 > buffer_size) ) + return NULL; /* (will be) out of memory or invalid boundary */ + if ( (boundary[0] == '"') && +-- +cgit v1.2.3 |