blob: 2ec8f819f976b37757a36dd3c8c13a9c935fa39b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnter=20Obiltschnig?= <guenter.obiltschnig@appinf.com>
Date: Wed, 16 Apr 2025 09:15:33 +0200
Subject: [PATCH] fix(Net): A SEGV at Net/src/MultipartReader.cpp:164:1 #4915
(move assertion out of ctor)
CVE: CVE-2025-6375
Upstream-Status: Backport [https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
Net/src/MultipartReader.cpp | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Net/src/MultipartReader.cpp b/Net/src/MultipartReader.cpp
index f3a2f2bba..f4aa27dd8 100644
--- a/Net/src/MultipartReader.cpp
+++ b/Net/src/MultipartReader.cpp
@@ -36,7 +36,6 @@ MultipartStreamBuf::MultipartStreamBuf(std::istream& istr, const std::string& bo
_boundary(boundary),
_lastPart(false)
{
- poco_assert (!boundary.empty() && boundary.length() < STREAM_BUFFER_SIZE - 6);
}
@@ -47,7 +46,7 @@ MultipartStreamBuf::~MultipartStreamBuf()
int MultipartStreamBuf::readFromDevice(char* buffer, std::streamsize length)
{
- poco_assert_dbg (length >= _boundary.length() + 6);
+ poco_assert (!_boundary.empty() && _boundary.length() < length - 6);
static const int eof = std::char_traits<char>::eof();
std::streambuf& buf = *_istr.rdbuf();
|