Merge commit from fork

* [libesl] Validate `Content-Length` in `esl_recv_event`.

`atol()` accepted negative values, allowing a remote ESL peer to cause
a one-byte heap underwrite (`Content-Length: -1`) or NULL-pointer
dereference (`Content-Length: -2`, since `esl_assert` compiles out
under `NDEBUG`). Reject negative and oversized values, and check
`malloc` failure instead of relying on `assert`.

Cap at `ESL_MAX_CONTENT_LENGTH` (16 MiB).

* [libesl] Add test_recv_event.
This commit is contained in:
Dmitry Verenitsin
2026-05-27 00:28:23 +05:00
committed by GitHub
parent 02ac36bb11
commit 22de26cc7c
7 changed files with 134 additions and 6 deletions
+7
View File
@@ -107,6 +107,13 @@ jobs:
run: |
./run-tests.sh ${{ inputs.total-groups }} ${{ inputs.current-group }} --output-dir logs || exit 1
- name: Run libesl tests
if: ${{ inputs.current-group == 1 }}
shell: bash
working-directory: ${{ inputs.working-directory }}/../../libs/esl
run: |
make check
- name: Collect unit test logs
if: always()
shell: bash