1From 7035676c3daa4f1c3766095561f12e7a0e82c736 Mon Sep 17 00:00:00 2001 2From: Daniel Stenberg <daniel@haxx.se> 3Date: Mon, 16 May 2022 16:28:13 +0200 4Subject: [PATCH] content_encoding: return error on too many compression steps 5 6The max allowed steps is arbitrarily set to 5. 7--- 8 lib/content_encoding.c | 9 +++++++++ 9 1 file changed, 9 insertions(+) 10 11Index: curl-7.83.1/lib/content_encoding.c 12=================================================================== 13--- curl-7.83.1.orig/lib/content_encoding.c 14+++ curl-7.83.1/lib/content_encoding.c 15@@ -1026,12 +1026,16 @@ static const struct content_encoding *fi 16 return NULL; 17 } 18 19+/* allow no more than 5 "chained" compression steps */ 20+#define MAX_ENCODE_STACK 5 21+ 22 /* Set-up the unencoding stack from the Content-Encoding header value. 23 * See RFC 7231 section 3.1.2.2. */ 24 CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, 25 const char *enclist, int maybechunked) 26 { 27 struct SingleRequest *k = &data->req; 28+ int counter = 0; 29 30 do { 31 const char *name; 32@@ -1066,6 +1070,11 @@ CURLcode Curl_build_unencoding_stack(str 33 if(!encoding) 34 encoding = &error_encoding; /* Defer error at stack use. */ 35 36+ if(++counter >= MAX_ENCODE_STACK) { 37+ failf(data, "Reject response due to %u content encodings", 38+ counter); 39+ return CURLE_BAD_CONTENT_ENCODING; 40+ } 41 /* Stack the unencoding stage. */ 42 writer = new_unencoding_writer(data, encoding, k->writer_stack); 43 if(!writer) 44