android/okhttp
1
0
Fork 0
mirror of https://github.com/square/okhttp.git synced 2026-01-25 16:01:38 +03:00
Code Releases Activity

Guard against invalid name value block headers.

Browse Source 
If a badly behaved server sends us a negative number
of name value blocks, we should throw an IOException and
not a RTE (which will be thrown when we try to construct an
ArrayList with a negative size).
This commit is contained in:
Narayan Kamath
2013-03-12 16:56:28 +00:00
parent 36c0a8048a
commit 780a2cbd70
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/com/squareup/okhttp/internal/spdy/SpdyReader.java
View File

@@ -232,6 +232,10 @@ final class SpdyReader implements Closeable {
this.compressedLimit += length;
try {
int numberOfPairs = nameValueBlockIn.readInt();
if (numberOfPairs < 0) {
Logger.getLogger(getClass().getName()).warning("numberOfPairs < 0: " + numberOfPairs);
throw ioException("numberOfPairs < 0");
}
List<String> entries = new ArrayList<String>(numberOfPairs * 2);
for (int i = 0; i < numberOfPairs; i++) {
String name = readString();