Possible crash in CAtlHttpClientT

description

If a binary file is being downloaded using chunked Transfer-Encoding, and the binary file contains a null character, this line in ReadChunkedBody will only append some of the result_buffer to m_current, because Append with no length uses strlen, which will stop at the null. Later attempts to use m_current can cause access violations because GetBodyLength() still returns the actual download size.
if (!m_current.Append((LPCSTR)result_buffer))
    return false;
 
Changing it to this fixes the problem:
if (!m_current.Append((LPCSTR)result_buffer, result_buffer.GetLength()))
    return false;

Not a bug, but I also added this code in ReadChunkedBody just after a successful Read so that callback clients will get feedback during a chunked download.
if (m_pNavData->pfnReadStatusCallback)
{
    bool bRet = m_pNavData->pfnReadStatusCallback(dwReadBuffSize, m_pNavData->m_lParamRead);
    if (!bRet)
        return bRet;
}
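
The truncation described in the report, reproduced outside ATL as an added example (not part of the original report and not ATL code). BodyBuffer is a hypothetical stand-in whose one-argument Append takes its length from strlen, as the report says of m_current.Append; kChunk is a constructed sample chunk and LengthIsConsistent is an assumed consumer-side guard.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical stand-in for the body buffer (m_current in the report).
class BodyBuffer {
public:
    // Models Append(LPCSTR): length comes from strlen, so it stops at the first NUL.
    bool Append(const char* data) {
        m_data.append(data, std::strlen(data));
        return true;
    }
    // Models Append(LPCSTR, length): the caller supplies the byte count.
    bool Append(const char* data, std::size_t len) {
        m_data.append(data, len);
        return true;
    }
    std::size_t Stored() const { return m_data.size(); }
private:
    std::string m_data;
};

// Constructed sample: one decoded 8-byte binary chunk with a NUL at offset 3.
static const char kChunk[] = {'\x89', 'P', 'N', '\0', 'G', '\r', '\n', '\x1a'};
static const std::size_t kChunkLen = sizeof(kChunk);

// Bytes actually held by the buffer after appending the chunk.
std::size_t StoredAfterAppend(bool passLength) {
    BodyBuffer body;
    if (passLength)
        body.Append(kChunk, kChunkLen);  // fixed call from the report
    else
        body.Append(kChunk);             // original call: strlen path
    return body.Stored();
}

// Gap between the reported download size and what was stored; a consumer
// trusting the reported size would read this many bytes past the buffer.
std::size_t OverreadBytes(bool passLength) {
    return kChunkLen - StoredAfterAppend(passLength);
}

// Guard a consumer can apply before using a reported body length.
bool LengthIsConsistent(std::size_t reportedLen, const BodyBuffer& body) {
    return reportedLen <= body.Stored();
}

int main() {
    std::printf("strlen append: stored %zu of %zu\n", StoredAfterAppend(false), kChunkLen);
    std::printf("length append: stored %zu of %zu\n", StoredAfterAppend(true), kChunkLen);
}
```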

comments

asalamon wrote May 20, 2011 at 7:57 PM

Apparently this was reported as far back as 2002 and still hasn't been fixed:
http://groups.google.com/group/microsoft.public.vc.atl/msg/4e2e29008d33ca17
