[trafficserver] branch master updated: make sure open() and read() succeeded (#10273)

Mon, 09 Oct 2023 15:34:42 -0700 

This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 26affdad94 make sure open() and read() succeeded (#10273)
26affdad94 is described below

commit 26affdad9451da19782cdb3ff6ac881a54277410
Author: Fei Deng <f...@yahooinc.com>
AuthorDate: Mon Oct 9 18:33:33 2023 -0400

    make sure open() and read() succeeded (#10273)
---
 plugins/experimental/ssl_session_reuse/src/config.cc   |  3 +--
 plugins/experimental/ssl_session_reuse/src/ssl_init.cc | 11 +++++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/plugins/experimental/ssl_session_reuse/src/config.cc 
b/plugins/experimental/ssl_session_reuse/src/config.cc
index b2a9814c7b..d83c60d783 100644
--- a/plugins/experimental/ssl_session_reuse/src/config.cc
+++ b/plugins/experimental/ssl_session_reuse/src/config.cc
@@ -82,12 +82,11 @@ Config::loadConfig(const std::string &filename)
       }
     }
 
-    close(fd);
-
     m_noConfig      = false;
     success         = true;
     m_alreadyLoaded = true;
   }
+  close(fd);
 
   return success;
 }
diff --git a/plugins/experimental/ssl_session_reuse/src/ssl_init.cc 
b/plugins/experimental/ssl_session_reuse/src/ssl_init.cc
index 961a017cfb..acfd2ea2a3 100644
--- a/plugins/experimental/ssl_session_reuse/src/ssl_init.cc
+++ b/plugins/experimental/ssl_session_reuse/src/ssl_init.cc
@@ -105,7 +105,7 @@ get_redis_auth_key(char *retKeyBuff, int buffSize)
   if (ssl_param.redis_auth_key_file.length()) {
     int fd = open(ssl_param.redis_auth_key_file.c_str(), O_RDONLY);
     struct stat info;
-    if (0 == fstat(fd, &info)) {
+    if (fd >= 0 && 0 == fstat(fd, &info)) {
       size_t n = info.st_size;
       std::string key_data;
       key_data.resize(n);
@@ -114,10 +114,13 @@ get_redis_auth_key(char *retKeyBuff, int buffSize)
       while (read_len > 1 && key_data[read_len - 1] == '\n') {
         --read_len;
       }
-      memset(retKeyBuff, 0, buffSize);
-      strncpy(retKeyBuff, key_data.c_str(), read_len);
-      retval = key_data.length();
+      if (read_len > 0 && read_len <= buffSize && 
static_cast<size_t>(read_len) <= key_data.length()) {
+        memset(retKeyBuff, 0, buffSize);
+        strncpy(retKeyBuff, key_data.c_str(), read_len);
+        retval = read_len;
+      }
     }
+    close(fd);
   } else {
     TSError("Can not get redis auth key.");
   }

Reply via email to