This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 9494dc4 Coverity 1373301: Untrusted loop bound
9494dc4 is described below
commit 9494dc41f92fda6652e9d76fd5aa07071b40e999
Author: Gancho Tenev <[email protected]>
AuthorDate: Thu May 11 14:34:09 2017 -0700
Coverity 1373301: Untrusted loop bound
Problem:
CID 1373301 (#1 of 1): Untrusted loop bound (TAINTED_SCALAR)
17. tainted_data: Using tainted variable msg_len as a loop boundary.
Fix:
Added check for p < ws_buf_.size() to make sure improper msg_len
(user input) would not lead to out of scope write.
---
example/cppapi/websocket/WSBuffer.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/example/cppapi/websocket/WSBuffer.cc
b/example/cppapi/websocket/WSBuffer.cc
index 2609f34..cfa7b4a 100644
--- a/example/cppapi/websocket/WSBuffer.cc
+++ b/example/cppapi/websocket/WSBuffer.cc
@@ -135,7 +135,7 @@ WSBuffer::read_buffered_message(std::string &message, int
&code)
// Apply any mask.
if (mask_len) {
- for (size_t i = 0, p = pos; i < msg_len; ++i, ++p) {
+ for (size_t i = 0, p = pos; i < msg_len && p < ws_buf_.size(); ++i, ++p) {
ws_buf_[p] ^= mask[i & 3];
}
}
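Review bot: The new `p < ws_buf_.size()` term in the masking loop's condition stops the XOR at the end of `ws_buf_`, but it clamps the write instead of rejecting the bad length: when `msg_len` is larger than the data buffered from `pos`, the loop simply ends early and execution falls out of the `if (mask_len)` block with `msg_len` unchanged. Any use of `pos` and `msg_len` after this hunk (not visible here) would still see the unvalidated value, and a frame whose declared length exceeds the buffer ends up partially unmasked rather than reported as incomplete or invalid. I would validate once before the loop, for example `if (pos > ws_buf_.size() || msg_len > ws_buf_.size() - pos)` followed by an early return, written in subtraction form so that `pos + msg_len` cannot wrap; the loop can then keep its original `i < msg_len` bound. Note also that this guard only runs when `mask_len` is non-zero, so the unmasked path gets no length check from this change.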