RFC2616 (HTTP Protocol) Division

Published in 1999 RFC2616, Hypertext Transfer Protocol – HTTP/1.1, has been obsoleted by RFC’S[7230-7237] in June of 2014.

The original RFC states:

HTTP has been in use by the World-Wide Web global information initiative since 1990. This specification defines the protocol referred to as “HTTP/1.1”, and is an update to RFC 2068 [33].

Code change for CVE-2014-3710


function header

private size_t donote(struct magic_set *, unsigned char *, size_t, size_t, int, int, size_t, int *);


— a/ext/fileinfo/libmagic/readelf.c

+++ b/ext/fileinfo/libmagic/readelf.c

@@ -372,6 +372,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, uint32_t namesz, descsz; unsigned char *nbuf = CAST(unsigned char *, vbuf);

+       if (xnh_sizeof + offset > size) {

+               /*