This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/master by this push:
       new  42853eb   TS-4983: Buffer overflow in esi plugin
42853eb is described below

commit 42853eb84ceed6ddf5811cc2cd1a87be788d2483
Author: Bryan Call <bc...@apache.org>
AuthorDate: Tue Oct 18 13:36:31 2016 -0700

    TS-4983: Buffer overflow in esi plugin
---
 plugins/esi/lib/EsiParser.cc | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/plugins/esi/lib/EsiParser.cc b/plugins/esi/lib/EsiParser.cc
index 24556b3..353c457 100644
--- a/plugins/esi/lib/EsiParser.cc
+++ b/plugins/esi/lib/EsiParser.cc
@@ -265,7 +265,6 @@ EsiParser::_parse(const string &data, int &parse_start_pos, 
DocNodeList &node_li
 {
   size_t orig_list_size = node_list.size();
   size_t curr_pos, end_pos;
-  const char *data_ptr;
   const char *const data_start_ptr = data.data();
   size_t data_size                 = data.size();
   const EsiNodeInfo *node_info;
@@ -300,12 +299,10 @@ EsiParser::_parse(const string &data, int 
&parse_start_pos, DocNodeList &node_li
 
     if (is_html_comment_node) {
       _debugLog(_debug_tag, "[%s] Found html comment tag at position %d", 
__FUNCTION__, curr_pos);
-      data_ptr  = data_start_ptr + curr_pos;
       node_info = &HTML_COMMENT_NODE_INFO;
       ++curr_pos;
     } else {
       curr_pos += ESI_TAG_PREFIX_LEN;
-      data_ptr = data_start_ptr + curr_pos;
 
       for (node_info = ESI_NODES; node_info->type != DocNode::TYPE_UNKNOWN; 
++node_info) {
         search_result = _compareData(data, curr_pos, node_info->tag_suffix, 
node_info->tag_suffix_len);
@@ -336,7 +333,7 @@ EsiParser::_parse(const string &data, int &parse_start_pos, 
DocNodeList &node_li
         }
       }
       if (node_info->type == DocNode::TYPE_UNKNOWN) {
-        _errorLog("[%s] Unknown ESI tag starting with [%.10s]...", 
__FUNCTION__, data_ptr - ESI_TAG_PREFIX_LEN);
+        _errorLog("[%s] Unknown ESI tag starting with [%10s]...", 
__FUNCTION__, data.c_str());
         goto lFail;
       }
     }
@@ -346,7 +343,7 @@ EsiParser::_parse(const string &data, int &parse_start_pos, 
DocNodeList &node_li
 
     if ((search_result == NO_MATCH) || (search_result == PARTIAL_MATCH)) {
       if (last_chunk) {
-        _errorLog("[%s] ESI tag starting with [%.10s]... has no matching 
closing tag [%.*s]", __FUNCTION__, data.c_str(),
+        _errorLog("[%s] ESI tag starting with [%10s]... has no matching 
closing tag [%.*s]", __FUNCTION__, data.c_str(),
                   node_info->closing_tag_len, node_info->closing_tag);
         goto lFail;
       } else {

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].

Reply via email to