From 9eb5dfe7bb8c0e07ec3a5eaf5ffdbb20a4fb0d4c Mon Sep 17 00:00:00 2001
From: Tomasz Wasilczyk
Date: Wed, 29 Jan 2014 13:52:49 +0100
Subject: [PATCH] Fix CVE-2013-6487: a possible buffer overflow when parsing HTTP response

---
 src/http.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/http.c b/src/http.c
index 53fafeb1..901289f4 100644
--- a/src/http.c
+++ b/src/http.c
@@ -43,6 +43,8 @@
 #include
 #include
 
+#define GG_HTTP_MAX_LENGTH 1000000000
+
 /**
 * Rozpoczyna połączenie HTTP.
 *
@@ -360,6 +362,11 @@ int gg_http_watch_fd(struct gg_http *h)
 h->body_size = left;
 }
 
+ if (h->body_size > GG_HTTP_MAX_LENGTH) {
+ gg_debug(GG_DEBUG_MISC, "=> http, content-length too big\n");
+ h->body_size = GG_HTTP_MAX_LENGTH;
+ }
+
 if (left > h->body_size) {
 gg_debug(GG_DEBUG_MISC, "=> http, oversized reply (%d bytes needed, %d bytes left)\n", h->body_size, left);
 h->body_size = left;
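Review bot: `GG_HTTP_MAX_LENGTH` in the first hunk (top of src/http.c) is introduced without a comment giving its unit or the reason for the value. I would put `/* Maximum HTTP body size, in bytes, accepted from a server reply; caps the declared content length. */` directly above the define. At 1000000000 the limit still admits a declared body of roughly 1 GB, so if `h->body_size` goes on to size an allocation (not visible in this diff) a hostile or broken server can still force a very large one. A bound closer to the largest reply the protocol actually needs would be tighter.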
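Review bot: In the second hunk (gg_http_watch_fd) the new cap runs before the existing `if (left > h->body_size)` branch, which then assigns `h->body_size = left` with no bound, so `h->body_size <= GG_HTTP_MAX_LENGTH` is not guaranteed once this block finishes. Moving the `if (h->body_size > GG_HTTP_MAX_LENGTH)` check below that branch, or bounding `left` too, would make the limit an invariant for the code that follows. The check also clamps silently and continues with a length the server never declared; failing the request at that point would be the stricter choice, though the function's error convention lies outside the hunk. The `%d` in the neighbouring debug call suggests `body_size` is a signed int, so a short comment saying the cap keeps later size arithmetic in range would help the next reader. The function body starts and ends outside this hunk.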