This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 7.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 554400a4d6433f5260204fd08a034eecc919ee83 Author: Phil Sorber <[email protected]> AuthorDate: Tue May 16 13:56:11 2017 -0600 Coverity CID #1367529 Copy into fixed size buffer (cherry picked from commit ba7066870c21736758c041b0315e8da90afd55d8) --- plugins/experimental/url_sig/url_sig.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/plugins/experimental/url_sig/url_sig.c b/plugins/experimental/url_sig/url_sig.c index 240c9a5..3dc0de1 100644 --- a/plugins/experimental/url_sig/url_sig.c +++ b/plugins/experimental/url_sig/url_sig.c @@ -16,6 +16,13 @@ limitations under the License. */ +#define min(a, b) \ + ({ \ + __typeof__(a) _a = (a); \ + __typeof__(b) _b = (b); \ + _a < _b ? _a : _b; \ + }) + #include "ts/ink_defs.h" #include "url_sig.h" @@ -254,18 +261,18 @@ err_log(char *url, char *msg) // See the README. All Signing parameters must be concatenated to the end // of the url and any application query parameters. static char * -getAppQueryString(char *query_string, int query_length) +getAppQueryString(char *query_string, unsigned int query_length) { int done = 0; char *p; char buf[MAX_QUERY_LEN]; - if (query_length > MAX_QUERY_LEN) { - TSDebug(PLUGIN_NAME, "Cannot process the query string as the length exceeds %d bytes.", MAX_QUERY_LEN); + if (query_length >= sizeof(buf)) { + TSDebug(PLUGIN_NAME, "Cannot process the query string as the length exceeds %d bytes", MAX_QUERY_LEN); return NULL; } memset(buf, 0, MAX_QUERY_LEN); - strncpy(buf, query_string, query_length); + strncpy(buf, query_string, min(query_length, sizeof(buf) - 1)); p = buf; TSDebug(PLUGIN_NAME, "query_string: %s, query_length: %d", query_string, query_length); @@ -391,7 +398,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri) err_log(url, "IP address string too long or short."); goto deny; } - strncpy(client_ip, p + strlen(CIP_QSTRING) + 1, (pp - p - (strlen(CIP_QSTRING) + 1))); + strncpy(client_ip, p + strlen(CIP_QSTRING) + 1, min((pp - p - (strlen(CIP_QSTRING) + 1)), sizeof(client_ip) - 1)); client_ip[pp - p - (strlen(CIP_QSTRING) + 1)] = '\0'; TSDebug(PLUGIN_NAME, "CIP: -%s-", client_ip); retval = TSHttpTxnClientFdGet(txnp, &sockfd); @@ -486,8 +493,8 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri) part = strtok_r(urltokstr, "/", &p); while (part != NULL) { if (parts[j] == '1') { - strcpy(signed_part + strlen(signed_part), part); - strcpy(signed_part + strlen(signed_part), "/"); + strncat(signed_part, part, sizeof(signed_part) - strlen(signed_part) - 1); + strncat(signed_part, "/", sizeof(signed_part) - strlen(signed_part) - 1); } if (parts[j + 1] == '0' || parts[j + 1] == '1') { // This remembers the last part, meaning, if there are no more valid letters in parts @@ -498,7 +505,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri) signed_part[strlen(signed_part) - 1] = '?'; // chop off the last /, replace with '?' p = strstr(query, SIG_QSTRING "="); - strncat(signed_part, query, (p - query) + strlen(SIG_QSTRING) + 1); + strncat(signed_part, query, min((p - query) + strlen(SIG_QSTRING) + 1, sizeof(signed_part) - strlen(signed_part) - 1)); TSDebug(PLUGIN_NAME, "Signed string=\"%s\"", signed_part); -- To stop receiving notification emails like this one, please contact [email protected].
