This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 90e2d1dd66 stats_over_http: fix incorrect use of C string functions
(#12722)
90e2d1dd66 is described below
commit 90e2d1dd66fb5da34d927c52e0b77b30feb47764
Author: Brian Neradt <[email protected]>
AuthorDate: Mon Dec 8 16:01:34 2025 -0600
stats_over_http: fix incorrect use of C string functions (#12722)
The strstr() calls were being passed strings returned from
TSMimeHdrFieldValueStringGet, which returns a non-null-terminated
string. This could lead to reading uninitialized memory.
Fix this by using std::string_view with its find() method to search
within the non-null-terminated string without requiring a copy.
This takes over the work started by @vuori in #12634.
---
plugins/stats_over_http/stats_over_http.cc | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/plugins/stats_over_http/stats_over_http.cc
b/plugins/stats_over_http/stats_over_http.cc
index 92ab44c653..b02b17c44e 100644
--- a/plugins/stats_over_http/stats_over_http.cc
+++ b/plugins/stats_over_http/stats_over_http.cc
@@ -806,17 +806,19 @@ stats_origin(TSCont contp, TSEvent /* event ATS_UNUSED
*/, void *edata)
accept_encoding_field = TSMimeHdrFieldFind(reqp, hdr_loc,
TS_MIME_FIELD_ACCEPT_ENCODING, TS_MIME_LEN_ACCEPT_ENCODING);
my_state->encoding = encoding_format_t::NONE;
if (accept_encoding_field != TS_NULL_MLOC) {
- int len = -1;
- const char *str = TSMimeHdrFieldValueStringGet(reqp, hdr_loc,
accept_encoding_field, -1, &len);
- if (len >= TS_HTTP_LEN_DEFLATE && strstr(str, TS_HTTP_VALUE_DEFLATE) !=
nullptr) {
+ int len = -1;
+ const char *str = TSMimeHdrFieldValueStringGet(reqp, hdr_loc,
accept_encoding_field, -1, &len);
+ std::string_view accept_encoding =
+ (str != nullptr && len > 0) ? std::string_view{str,
static_cast<size_t>(len)} : std::string_view{};
+ if (len >= TS_HTTP_LEN_DEFLATE &&
accept_encoding.find(TS_HTTP_VALUE_DEFLATE) != std::string_view::npos) {
Dbg(dbg_ctl, "Saw deflate in accept encoding");
my_state->encoding = init_gzip(my_state, DEFLATE_MODE);
- } else if (len >= TS_HTTP_LEN_GZIP && strstr(str, TS_HTTP_VALUE_GZIP) !=
nullptr) {
+ } else if (len >= TS_HTTP_LEN_GZIP &&
accept_encoding.find(TS_HTTP_VALUE_GZIP) != std::string_view::npos) {
Dbg(dbg_ctl, "Saw gzip in accept encoding");
my_state->encoding = init_gzip(my_state, GZIP_MODE);
}
#if HAVE_BROTLI_ENCODE_H
- else if (len >= TS_HTTP_LEN_BROTLI && strstr(str, TS_HTTP_VALUE_BROTLI) !=
nullptr) {
+ else if (len >= TS_HTTP_LEN_BROTLI &&
accept_encoding.find(TS_HTTP_VALUE_BROTLI) != std::string_view::npos) {
Dbg(dbg_ctl, "Saw br in accept encoding");
my_state->encoding = init_br(my_state);
}
