trafficserver-github mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [trafficserver] masaori335 commented on a change in pull request #6950: Prevent buffer overflow during log filter actions
Date Wed, 01 Jul 2020 00:45:22 GMT

masaori335 commented on a change in pull request #6950:
URL: https://github.com/apache/trafficserver/pull/6950#discussion_r448054921



##########
File path: proxy/logging/LogAccess.cc
##########
@@ -1162,7 +1162,7 @@ void
 LogAccess::set_client_req_unmapped_url_canon(char *buf, int len)
 {
   if (buf && m_client_req_unmapped_url_canon_str) {
-    m_client_req_unmapped_url_canon_len = len;
+    m_client_req_unmapped_url_canon_len = std::min(len, m_client_req_unmapped_url_canon_len);
     ink_strlcpy(m_client_req_unmapped_url_canon_str, buf, m_client_req_unmapped_url_canon_len
+ 1);
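
Review bot: On the `+` line, `std::min(len, m_client_req_unmapped_url_canon_len)` uses the stored length as the buffer's capacity and then overwrites it with the smaller value, so the bound can only shrink: after one short URL, every later, longer value is truncated to that length even if the buffer has room. If the allocation size is known, clamp against a separate capacity value and state that invariant in a comment above the assignment. The clamp also bounds `len` only from above; `len` is a signed `int`, so a negative value passes through to the `+ 1` size given to `ink_strlcpy`, and a `len >= 0` check belongs in the `if` guard.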

Review comment:
   I agree that this change fixes the buffer overflow.

   What I'm wondering is that this function will call `ink_strlcpy` like below under certain conditions.
   ```
   ink_strlcpy(INVALID_STR, buf, 1);
   ```
   It might not be harmful, but it is meaningless.

   The current check at line 1164 is only for nullptr. This doesn't work for `INVALID_STR`, right?
   It looks better to also check whether `m_client_req_unmapped_url_canon_str` is `INVALID_STR` or not.
   ```
   if (buf && m_client_req_unmapped_url_canon_str && m_client_req_unmapped_url_canon_str != INVALID_STR) {
   ```
   or
   ```
   if (buf && m_client_req_unmapped_url_canon_str && m_client_req_unmapped_url_canon_len > 0) {
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
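
The guard discussed in the review comment, as an added example that is not part of the original message and is not Traffic Server code: a setter that refuses a shared sentinel string and clamps the copy to a capacity kept apart from the current length. `CanonUrlField`, `set_canon`, the `cap` field and the sentinel's contents are assumptions made for illustration, and a `memchr`/`memcpy` pair stands in for `ink_strlcpy`.

```cpp
#include <algorithm>
#include <cstring>

// Hypothetical stand-in for the sentinel named in the review (contents constructed).
static char INVALID_STR_BUF[] = "!INVALID_STR!";
static char *const INVALID_STR = INVALID_STR_BUF;

// Hypothetical field layout: capacity is tracked separately from length.
struct CanonUrlField {
  char *str = nullptr; // nullptr, INVALID_STR, or a writable buffer
  int len   = 0;       // length of the string currently stored
  int cap   = 0;       // usable bytes in str, excluding the terminating NUL
};

// Copies at most f.cap bytes of buf into f.str and NUL-terminates it.
// Returns the number of bytes stored, or -1 if the field was left untouched.
int
set_canon(CanonUrlField &f, const char *buf, int len)
{
  // Reject null pointers, the shared sentinel, empty buffers and negative lengths.
  if (!buf || !f.str || f.str == INVALID_STR || f.cap <= 0 || len < 0) {
    return -1;
  }
  int n = std::min(len, f.cap); // clamp to capacity, not to the previous length
  // Stop at an embedded NUL, as a strlcpy-style copy would.
  if (const void *nul = std::memchr(buf, '\0', n)) {
    n = static_cast<int>(static_cast<const char *>(nul) - buf);
  }
  std::memcpy(f.str, buf, n);
  f.str[n] = '\0';
  f.len    = n; // length may shrink or grow; capacity is unchanged
  return n;
}
```
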


