Copilot commented on code in PR #13013:
URL: https://github.com/apache/trafficserver/pull/13013#discussion_r2976621778
##########
plugins/experimental/ja4_fingerprint/plugin.cc:
##########
@@ -444,7 +444,7 @@ handle_vconn_close(TSCont /* cont ATS_UNUSED */, TSEvent
event, void *edata)
return TS_SUCCESS;
}
TSVConn const ssl_vc{static_cast<TSVConn>(edata)};
- delete static_cast<std::string *>(TSUserArgGet(ssl_vc,
*get_user_arg_index()));
+ delete static_cast<JA4_data *>(TSUserArgGet(ssl_vc, *get_user_arg_index()));
TSUserArgSet(ssl_vc, *get_user_arg_index(), nullptr);
Review Comment:
TSUserArgSet() stores a JA4_data* (see handle_client_hello), and this change
updates the VCONN_CLOSE cleanup accordingly. However, handle_read_request_hdr
still retrieves the same user arg as std::string*, so it will reinterpret a
JA4_data object as a std::string and can crash or read invalid memory. Update
the read-request hook to fetch JA4_data* (or store only a std::string*
consistently) and pass/use the fingerprint member accordingly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
