[
https://issues.apache.org/jira/browse/TS-1660?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Leif Hedstrom reopened TS-1660:
-------------------------------
Assignee: Leif Hedstrom (was: weijin)
Weijin: I need to think about this some more. Under what conditions can the \0
show up in the Host: header?
One thing I'm thinking is that we should add API checks for our APIs that
modifies URLs and header (with this strchr), e.g. a
TSReturnCode
sdk_sanity_check_ats_string(const char* s, int len) {
return memchr(s, '\0', len) ? TSError : TS_SUCCESS;
}
And then use this throughout the InkAPI.cc where we e.g. set header values etc.
This provides excellent sanity checks around the APIs, and can become a NO-OP
if so desired at compile time.
I've had a bug where I ended up setting a header with a \0 in there, and it
wrecked havoc in logging. I think we added a check for that in the logging, but
ideally, we'd only make checks upon setting data, not when using it (rather
check once, than many times).
> Host field should not has c style terminator
> ---------------------------------------------
>
> Key: TS-1660
> URL: https://issues.apache.org/jira/browse/TS-1660
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP
> Reporter: weijin
> Assignee: Leif Hedstrom
> Fix For: 3.3.2
>
> Attachments: ts-1660.diff
>
>
> if host field of client has c style terminator, it may lead to serious
> problems (e.g. ats use c string to do hostdb lookup).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
