$NetBSD: patch-CVE-2012-4505,v 1.1.2.2 2012/12/01 09:07:24 tron Exp $

see https://bugzilla.redhat.com/show_bug.cgi?id=864612

--- src/lib/pac.c.orig	2009-09-29 19:52:50.000000000 +0000
+++ src/lib/pac.c
@@ -35,6 +35,9 @@
 
 #define PAC_MIME_TYPE "application/x-ns-proxy-autoconfig"
 
+// This is the maximum pac size (to avoid memory attacks)
+#define PAC_MAX_SIZE 102400
+
 /**
  * ProxyAutoConfig object.  All fields are private.
  */
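Review bot: The new PAC_MAX_SIZE constant carries only a one-line `//` comment, while the surrounding file documents with `/* */` blocks (the doc comment directly below it), and the comment does not say what the number bounds or where it is enforced. I would rewrite it in the file's style as `/* Upper bound, in bytes, on a Content-Length accepted by px_pac_reload(); larger responses are rejected before any buffer is allocated. */` so a reader knows the limit guards the allocation rather than some parser limit. The value 102400 is presumably an arbitrary "larger than any real PAC file" figure; if so, saying that in the comment is worth the extra line.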
@@ -159,12 +162,15 @@ px_pac_reload(pxPAC *self)
 		}
 
 		/* Get content */
-		if (!content_length || !correct_mime_type) goto error;
+		if (content_length == 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;
 		px_free(line); line = NULL;
 		px_free(self->cache);
 		self->cache = px_malloc0(content_length+1);
-		for (int recvd=0 ; recvd != content_length ; )
-			recvd += recv(sock, self->cache + recvd, content_length - recvd, 0);
+		for (int recvd=0 ; recvd != content_length ; ) {
+			int r = recv(sock, self->cache + recvd, content_length - recvd, 0);
+			if (r <= 0) goto error;
+			recvd += r;
+		}
 	}
 	else
 	{ /* file:// url */
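Review bot: Whether the added `content_length > PAC_MAX_SIZE` test actually bounds the allocation depends on the type of `content_length`, which is declared outside this hunk; if it is a signed integer, a negative Content-Length passes both `content_length == 0` and the new upper-bound check and still reaches `px_malloc0(content_length+1)` and `recv(..., content_length - recvd, 0)`, where the negative length converts to a huge size_t. If the variable is signed, the guard should be `if (content_length <= 0 || content_length > PAC_MAX_SIZE || !correct_mime_type) goto error;`; if it is unsigned, the loop's `int recvd` comparison against it is a signed/unsigned mismatch and `recvd` should be declared with the same type. Separately, `int r` narrows the `ssize_t` that recv() returns; `ssize_t r = recv(...)` keeps the `r <= 0` test exact. The enclosing px_pac_reload() body, including the `error:` label that is expected to close `sock` and free `line`, begins and ends outside this hunk.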
