neosys007 opened a new pull request, #3353:
URL: https://github.com/apache/thrift/pull/3353
This PR packages the latest Thrift fixes into three small, reviewable
commits:
1. c_glib: reject oversized Unix socket paths
- Covers both thrift_socket_open() and thrift_server_socket_listen().
- [003] and Email 09 are the same sink family, so they are handled
together here.
- Adds regression coverage in lib/c_glib/test/testtransportsocket.c for
both client and server entry points.
2. c_glib: avoid fixed-size buffers in SSL error formatting
- Replaces the stack buffer / remaining-size counter logic in
thrift_ssl_socket_get_ssl_error() with a GString-based build-up so the counter
cannot underflow and later writes cannot walk past a fixed buffer.
3. compiler/cpp: bound saferealpath() output on Windows
- Makes saferealpath() size-aware and rejects Windows paths that do not
fit the caller buffer before copying them back.
Validation performed locally:
- git diff --check
- syntax-only compile for the changed C and C++ files
- c_glib syntax checks completed successfully; the SSL file still shows
pre-existing OpenSSL deprecation warnings, but no errors.
- compiler/cpp/src/thrift/main.cc syntax check completed successfully.
The work is based on the current upstream head at 3b0ab4d.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
