[trafficserver] branch master updated: TS-4983: Buffer overflow in esi plugin

2016-10-18 Thread bcall 
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/master by this push:
   new  42853eb   TS-4983: Buffer overflow in esi plugin
42853eb is described below

commit 42853eb84ceed6ddf5811cc2cd1a87be788d2483
Author: Bryan Call 
AuthorDate: Tue Oct 18 13:36:31 2016 -0700

TS-4983: Buffer overflow in esi plugin
---
 plugins/esi/lib/EsiParser.cc | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/plugins/esi/lib/EsiParser.cc b/plugins/esi/lib/EsiParser.cc
index 24556b3..353c457 100644
--- a/plugins/esi/lib/EsiParser.cc
+++ b/plugins/esi/lib/EsiParser.cc
@@ -265,7 +265,6 @@ EsiParser::_parse(const string &data, int &parse_start_pos, 
DocNodeList &node_li
 {
   size_t orig_list_size = node_list.size();
   size_t curr_pos, end_pos;
-  const char *data_ptr;
   const char *const data_start_ptr = data.data();
   size_t data_size = data.size();
   const EsiNodeInfo *node_info;
@@ -300,12 +299,10 @@ EsiParser::_parse(const string &data, int 
&parse_start_pos, DocNodeList &node_li
 
 if (is_html_comment_node) {
   _debugLog(_debug_tag, "[%s] Found html comment tag at position %d", 
__FUNCTION__, curr_pos);
-  data_ptr  = data_start_ptr + curr_pos;
   node_info = &HTML_COMMENT_NODE_INFO;
   ++curr_pos;
 } else {
   curr_pos += ESI_TAG_PREFIX_LEN;
-  data_ptr = data_start_ptr + curr_pos;
 
   for (node_info = ESI_NODES; node_info->type != DocNode::TYPE_UNKNOWN; 
++node_info) {
 search_result = _compareData(data, curr_pos, node_info->tag_suffix, 
node_info->tag_suffix_len);
@@ -336,7 +333,7 @@ EsiParser::_parse(const string &data, int &parse_start_pos, 
DocNodeList &node_li
 }
   }
   if (node_info->type == DocNode::TYPE_UNKNOWN) {
-_errorLog("[%s] Unknown ESI tag starting with [%.10s]...", 
__FUNCTION__, data_ptr - ESI_TAG_PREFIX_LEN);
+_errorLog("[%s] Unknown ESI tag starting with [%10s]...", 
__FUNCTION__, data.c_str());
 goto lFail;
   }
 }
@@ -346,7 +343,7 @@ EsiParser::_parse(const string &data, int &parse_start_pos, 
DocNodeList &node_li
 
 if ((search_result == NO_MATCH) || (search_result == PARTIAL_MATCH)) {
   if (last_chunk) {
-_errorLog("[%s] ESI tag starting with [%.10s]... has no matching 
closing tag [%.*s]", __FUNCTION__, data.c_str(),
+_errorLog("[%s] ESI tag starting with [%10s]... has no matching 
closing tag [%.*s]", __FUNCTION__, data.c_str(),
   node_info->closing_tag_len, node_info->closing_tag);
 goto lFail;
   } else {

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" '].

[trafficserver] branch master updated: TS-4983: Buffer overflow in esi plugin

2016-10-18 Thread bcall 
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/master by this push:
   new  52510b9   TS-4983: Buffer overflow in esi plugin
52510b9 is described below

commit 52510b917301a6820d14cc48dba73541474f0a02
Author: Bryan Call 
AuthorDate: Tue Oct 18 13:07:51 2016 -0700

TS-4983: Buffer overflow in esi plugin
---
 plugins/esi/lib/EsiParser.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/esi/lib/EsiParser.cc b/plugins/esi/lib/EsiParser.cc
index 2c3c5cd..24556b3 100644
--- a/plugins/esi/lib/EsiParser.cc
+++ b/plugins/esi/lib/EsiParser.cc
@@ -346,8 +346,8 @@ EsiParser::_parse(const string &data, int &parse_start_pos, 
DocNodeList &node_li
 
 if ((search_result == NO_MATCH) || (search_result == PARTIAL_MATCH)) {
   if (last_chunk) {
-_errorLog("[%s] ESI tag starting with [%.10s]... has no matching 
closing tag [%.*s]", __FUNCTION__,
-  data_ptr - ESI_TAG_PREFIX_LEN, node_info->closing_tag_len, 
node_info->closing_tag);
+_errorLog("[%s] ESI tag starting with [%.10s]... has no matching 
closing tag [%.*s]", __FUNCTION__, data.c_str(),
+  node_info->closing_tag_len, node_info->closing_tag);
 goto lFail;
   } else {
 goto lPartialMatch;

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" '].