Minor patch of max connection total size

stamparm · stamparm · commit 760fac59d88c · 2026-01-04T20:34:57.000+01:00
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -189,7 +189,7 @@ fb0a08ac6f8bb07711e4e895eebf9fb3c8d452cc7aaebcdf78d926cdf051550d  lib/core/patch
 73ef0895d728fe76bf9abda94d4b97951069532a088d603a064e793bb2ae45d9  lib/core/replication.py
 3574639db4942d16a2dc0a2f04bb7c0913c40c3862b54d34c44075a760e0c194  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-e9cdbf4991b1f19fb367133c85ea8fe6c189ac03b9db516fa58de9c5e41376fe  lib/core/settings.py
+b38f42c65a2cdb32bb82234dc48b041c054a0291ce6b51ade0cf19da72b6f6ff  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
 00dc9e87db2c13d7eaf18edd503267430460d91baf76760350be545d4a387a9f  lib/core/subprocessng.py
 d35650179816193164a5f177102f18379dfbe6bb6d40fbb67b78d907b41c8038  lib/core/target.py
@@ -209,7 +209,7 @@ c5b258be7485089fac9d9cd179960e774fbd85e62836dc67cce76cc028bb6aeb  lib/parse/hand
 4ca378496510a02c0184b45107889625dc7faf459073e83b3520c66674049af4  lib/parse/payloads.py
 80d26a30abe948faf817a14f746cc8b3e2341ea8286830cccaae253b8ac0cdff  lib/parse/sitemap.py
 1be3da334411657461421b8a26a0f2ff28e1af1e28f1e963c6c92768f9b0847c  lib/request/basicauthhandler.py
-a30f18e52463c7c483430201b194350b55a54855507b253af826992e7e5c8435  lib/request/basic.py
+d04feda1063f643fda30b9c444d5950561143d18fa6ee822967d3ad3101483f9  lib/request/basic.py
 bc61bc944b81a7670884f82231033a6ac703324b34b071c9834886a92e249d0e  lib/request/chunkedhandler.py
 2daf0ce19eacda64687f441c90ef8da51714c3e8947c993ba08fb4ecdc4f5287  lib/request/comparison.py
 626bb6f3316a906a4629c0feb8ecbbcf473fb59e5bc532603c35b6b8f63f1deb  lib/request/connect.py
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.1.5"
+VERSION = "1.10.1.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/basic.py b/lib/request/basic.py
@@ -10,7 +10,6 @@
 import io
 import logging
 import re
-import struct
 import zlib
 
 from lib.core.common import Backend
@@ -291,14 +290,16 @@ def decodePage(page, contentEncoding, contentType, percentDecode=True):
 
         try:
             if contentEncoding == "deflate":
-                data = io.BytesIO(zlib.decompress(page, -15))  # Reference: http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations
+                obj = zlib.decompressobj(-15)
+                page = obj.decompress(page, MAX_CONNECTION_TOTAL_SIZE + 1)
+                page += obj.flush()
+                if len(page) > MAX_CONNECTION_TOTAL_SIZE:
+                    raise Exception("size too large")
             else:
                 data = gzip.GzipFile("", "rb", 9, io.BytesIO(page))
-                size = struct.unpack("<l", page[-4:])[0]  # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py
-                if size > MAX_CONNECTION_TOTAL_SIZE:
+                page = data.read(MAX_CONNECTION_TOTAL_SIZE + 1)
+                if len(page) > MAX_CONNECTION_TOTAL_SIZE:
                     raise Exception("size too large")
-
-            page = data.read()
         except Exception as ex:
             if b"<html" not in page:  # in some cases, invalid "Content-Encoding" appears for plain HTML (should be ignored)
                 errMsg = "detected invalid data for declared content "
