From: GitBox
To: github@trafficserver.apache.org
Subject: [GitHub] [trafficserver] masaori335 commented on a change in pull request #6950: Prevent buffer overflow during log filter actions
Date: Wed, 01 Jul 2020 00:45:22 -0000

masaori335 commented on a change in pull request #6950:
URL: https://github.com/apache/trafficserver/pull/6950#discussion_r448054921

##########
File path: proxy/logging/LogAccess.cc
##########
@@ -1162,7 +1162,7 @@ void LogAccess::set_client_req_unmapped_url_canon(char *buf, int len) { if (buf && m_client_req_unmapped_url_canon_str) { - m_client_req_unmapped_url_canon_len = len; + m_client_req_unmapped_url_canon_len = std::min(len, m_client_req_unmapped_url_canon_len); ink_strlcpy(m_client_req_unmapped_url_canon_str, buf, m_client_req_unmapped_url_canon_len + 1);

Review comment:

I agree that this change fixes the buffer overflow.

What I'm wondering is this function will call `ink_strlcpy` like below under the conditions.

```
ink_strlcpy(INVALID_STR, buf, 1);
```

It might not be harmful, but meaningless. The current check in 1164 is only for nullptr. This doesn't work for `INVALID_STR`, right?

It looks better to also check whether `m_client_req_unmapped_url_canon_str` is `INVALID_STR` or not.

```
if (buf && m_client_req_unmapped_url_canon_str && m_client_req_unmapped_url_canon_str != INVALID_STR) {
```

or

```
if (buf && m_client_req_unmapped_url_canon_str && m_client_req_unmapped_url_canon_len > 0) {
```
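
Review bot: `len` is a signed `int` and nothing in `set_client_req_unmapped_url_canon` rejects a negative value, so `std::min(len, m_client_req_unmapped_url_canon_len)` would keep the negative `len`, and `m_client_req_unmapped_url_canon_len + 1` would then reach `ink_strlcpy` as the size; if that parameter is unsigned, any value below -1 turns into a very large size and the bound is lost. Suggest returning early when `len < 0` (or clamping to 0) before the `std::min`. A second point on the same line: the clamp treats `m_client_req_unmapped_url_canon_len` as the buffer capacity, so after one shorter write the recorded capacity shrinks permanently and later calls are truncated to it; a comment stating that this is intended, or a separate capacity field, would make the invariant clear.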