Kit Chan created TS-3305:
----------------------------

             Summary: minor bugs in ats lua plugin with respect to 
                 Key: TS-3305
                 URL: https://issues.apache.org/jira/browse/TS-3305
             Project: Traffic Server
          Issue Type: Bug
          Components: Lua, Plugins
            Reporter: Kit Chan


Minor bugs in the ATS Lua plugin:

In plugins/experimental/ts_lua/ts_lua.c line 89:
  if (fn) {
    sprintf(conf->script, "%s", argv[2]);
  } else {
    conf->content = argv[2];
  }

line: 358
  sprintf(conf->script, "%s", argv[1]);


"sprintf" is extremely dangerous and deprecated, and should be replaced with
"snprintf".

And it would be better (less confusing) if a '\0' is always added to the
buffer after strncpy, e.g.:
if (argc < 3) {
    strncpy(errbuf, "[TSRemapNewInstance] - lua script file or string is required !!", errbuf_size - 1);
    return TS_ERROR;
}

Should be:
if (argc < 3) {
    strncpy(errbuf, "[TSRemapNewInstance] - lua script file or string is required !!", errbuf_size - 1);
    errbuf[errbuf_size - 1] = '\0';
    return TS_ERROR;
}

Because strncpy doesn't guarantee null-termination. Right now it works only
because errbuf is large enough (2048 bytes).



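The two fixes requested in the report, as an added example that is not part of the original message or of the ts_lua plugin source. The helper names (set_script, set_errbuf, is_terminated, strncpy_alone_terminates) and the 16-byte SCRIPT_MAX are assumptions chosen so that truncation is easy to trigger.

```c
#include <stdio.h>
#include <string.h>

#define SCRIPT_MAX 16 /* assumed small size so truncation is easy to show */

/* Bounded replacement for sprintf(dst, "%s", arg).
 * Returns 0 on success, -1 if arg does not fit (dst is still terminated). */
static int set_script(char *dst, size_t dst_size, const char *arg)
{
    int n = snprintf(dst, dst_size, "%s", arg);
    /* snprintf returns the length it wanted to write; >= size means truncated */
    return (n < 0 || (size_t)n >= dst_size) ? -1 : 0;
}

/* strncpy plus the explicit terminator proposed in the report. */
static void set_errbuf(char *errbuf, size_t errbuf_size, const char *msg)
{
    if (errbuf_size == 0)
        return;
    strncpy(errbuf, msg, errbuf_size - 1);
    errbuf[errbuf_size - 1] = '\0';
}

/* Returns 1 if buf[0..size) contains a NUL, i.e. holds a valid C string. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* What strncpy alone leaves behind in a non-zeroed 8-byte buffer. */
static int strncpy_alone_terminates(const char *msg)
{
    char small[8];
    memset(small, 'X', sizeof(small));      /* simulate stale buffer contents */
    strncpy(small, msg, sizeof(small) - 1); /* same call shape as the report */
    return is_terminated(small, sizeof(small));
}

int main(void)
{
    char script[SCRIPT_MAX], err[8];
    const char *msg = "lua script file or string is required !!";
    printf("strncpy alone terminated: %d\n", strncpy_alone_terminates(msg));
    set_errbuf(err, sizeof(err), msg);
    printf("with explicit NUL: \"%s\"\n", err);
    printf("short path: %d\n", set_script(script, sizeof(script), "hello.lua"));
    printf("long path: %d\n", set_script(script, sizeof(script), "/a/very/long/path/to/script.lua"));
    return 0;
}
```

strncpy pads with NULs only when the source is shorter than the count, which is why the existing call happens to be terminated in a 2048-byte errbuf.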