Hi Cyril, On Mon, Nov 30, 2009 at 12:53:34AM +0100, Cyril Bonté wrote: > > Could you please check on your side and confirm/infirm my doubts ? > > Basically I want to ensure we never dereference the buffer past its > > end, so begin+len bust always be below the buffer size. If you think > > a control is missing, we can merge it as a separate patch because > > it's already missing in current code then. > > Previously, the function was called with : > get_srv_from_appsession(s, &req->data[msg->som], msg->sl.rq.l); > > I assume that msg->sl.rq variables are already correctly calculated and that > we can replace this call with : > get_srv_from_appsession(s, &req->data[msg->som + msg->sl.rq.u], > msg->sl.rq.u_l); > > This allows to parse only the URL, skipping the http method and the protocol. > I believe this should always be contained in the buffer size. > The parser will then restrict to this area when it will extract the session > value (It was missing in the previous code). > > Did I understand what you wanted to know ?
Yes, that's fine then, thanks for the check. > > I'm just waiting for your response on this possible issue and I'm > > OK to merge it. Please tell me if you'd prefer to resend a different > > patch with the cosmetic changes or if I can do them myself. While > > you're at it, I noticed a mis-indented "if" statement alone in the > > remaining part. Also something I can fix if needed. > > It would be great if you can do this changes (to prevent several patch > versions in case I still leave some mis-indented code or misplaced comments > in the options constants). No problem, I will do that then. Anyway I would not ask you to resubmit for such minor things, but some people prefer to have the exact same version on their side as the one being committed, reason why I asked. Thanks! Willy
