fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2026-01-06 00:25:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: Fix UAF in convert_header_names_to_a_sorted_lowercase_set()

Browse Source 
We can't keep a span (ReadonlyBytes) to a move()'d ByteBuffer
in the header_names_seen HashTable - copy the original name span instead
which works the same thanks to CaseInsensitiveBytesTraits.

This would sporadically fail the contains() check due to garbage data,
later leading to a VERIFY() crash in the OrderedHashTable append loop.
This commit is contained in:
Linus Groh
2023-02-10 21:58:10 +00:00
parent 92cb32b905
commit 6bce48e99b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Headers.cpp
View File

@@ -352,7 +352,7 @@ ErrorOr<OrderedHashTable<ByteBuffer>> convert_header_names_to_a_sorted_lowercase
continue;
auto bytes = TRY(ByteBuffer::copy(name));
Infra::byte_lowercase(bytes);
header_names_seen.set(bytes);
header_names_seen.set(name);
header_names_set.append(move(bytes));
}