Repository: trafficserver Updated Branches: refs/heads/master fa172b4fc -> ec85db857
Fix subtle bug with strlcpy with non-null terminated strings Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ec85db85 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ec85db85 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ec85db85 Branch: refs/heads/master Commit: ec85db857d9afc6411298c520a00220cbc53af37 Parents: fa172b4 Author: Brian Geffon <[email protected]> Authored: Mon Jan 26 11:16:23 2015 -0800 Committer: Brian Geffon <[email protected]> Committed: Mon Jan 26 11:16:23 2015 -0800 ---------------------------------------------------------------------- iocore/net/I_NetVConnection.h | 2 +- lib/ts/ink_memory.cc | 3 ++- proxy/http/HttpSM.cc | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ec85db85/iocore/net/I_NetVConnection.h ---------------------------------------------------------------------- diff --git a/iocore/net/I_NetVConnection.h b/iocore/net/I_NetVConnection.h index 3ff5ff0..a8b4971 100644 --- a/iocore/net/I_NetVConnection.h +++ b/iocore/net/I_NetVConnection.h @@ -185,7 +185,7 @@ struct NetVCOptions { IpEndpoint ip; // Literal IPv4 and IPv6 addresses are not permitted in "HostName".(rfc6066#section-3) - if (ats_ip_pton(ts::ConstBuffer(name, len), &ip) != 0 && name != NULL && len > 0) { + if (name && len && ats_ip_pton(ts::ConstBuffer(name, len), &ip) != 0) { sni_servername = ats_strndup(name, len); } else { sni_servername = NULL; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ec85db85/lib/ts/ink_memory.cc ---------------------------------------------------------------------- diff --git a/lib/ts/ink_memory.cc b/lib/ts/ink_memory.cc index a996bad..d2e94d6 100644 --- a/lib/ts/ink_memory.cc +++ b/lib/ts/ink_memory.cc @@ -238,7 +238,8 @@ _xstrdup(const char *str, int length, const char* /* path ATS_UNUSED */) if (unlikely(length == 0)) { *newstr = '\0'; } else { - ink_strlcpy(newstr, str, length + 1); + strncpy(newstr, str, length); // we cannot do length + 1 because the string isn't + newstr[length] = '\0'; // guaranteeed to be null terminated! } return newstr; } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ec85db85/proxy/http/HttpSM.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 8323929..88cbe4f 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -4802,7 +4802,8 @@ HttpSM::do_http_server_open(bool raw) DebugSM("http", "calling sslNetProcessor.connect_re"); int len = 0; const char * host = t_state.hdr_info.server_request.host_get(&len); - opt.set_sni_servername(host, len); + if (host && len > 0) + opt.set_sni_servername(host, len); connect_action_handle = sslNetProcessor.connect_re(this, // state machine &t_state.current.server->addr.sa, // addr + port &opt);
