You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2020/06/23 20:17:16 UTC
[trafficserver] branch 9.0.x updated: Ensure read_avail is set for
the first non-empty block (#6916)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d1ee5ed Ensure read_avail is set for the first non-empty block (#6916)
d1ee5ed is described below
commit d1ee5ed6b717d1833860c26ebeb1b99a2dd3f7d4
Author: Sudheer Vinukonda <su...@apache.org>
AuthorDate: Thu Jun 18 14:42:49 2020 -0700
Ensure read_avail is set for the first non-empty block (#6916)
Also add defense to prevent Heap buffer overflow (from ASAN report in prod)
(cherry picked from commit f214fcfc6861706d0881abe4983a9ab8630f07f7)
---
src/traffic_server/FetchSM.cc | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/traffic_server/FetchSM.cc b/src/traffic_server/FetchSM.cc
index f682311..0cb2919 100644
--- a/src/traffic_server/FetchSM.cc
+++ b/src/traffic_server/FetchSM.cc
@@ -367,6 +367,10 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
return;
}
+ /* Read the data out of the reader */
+ if (reader->block != NULL)
+ reader->skip_empty_blocks();
+
read_avail = reader->read_avail();
Debug(DEBUG_TAG, "[%s] total avail %" PRId64, __FUNCTION__, read_avail);
if (!read_avail) {
@@ -377,10 +381,6 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
info = (char *)ats_malloc(sizeof(char) * (read_avail + 1));
client_response = info;
- /* Read the data out of the reader */
- if (reader->block != NULL)
- reader->skip_empty_blocks();
-
blk = reader->block.get();
// This is the equivalent of TSIOBufferBlockReadStart()
@@ -391,7 +391,7 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
int bytes_used = 0;
header_done = 1;
if (client_response_hdr.parse_resp(&http_parser, reader, &bytes_used, 0) == PARSE_RESULT_DONE) {
- if (bytes_used > 0) {
+ if ((bytes_used > 0) && (bytes_used <= read_avail)) {
memcpy(info, buf, bytes_used);
info += bytes_used;
client_bytes += bytes_used;
@@ -418,7 +418,7 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
buf = blk->start() + reader->start_offset;
read_done = blk->read_avail() - reader->start_offset;
- if (read_done > 0) {
+ if ((read_done > 0) && ((read_done <= read_avail))) {
memcpy(info, buf, read_done);
reader->consume(read_done);
read_avail -= read_done;
@@ -453,7 +453,7 @@ FetchSM::get_info_from_buffer(IOBufferReader *reader)
buf = blk->start() + reader->start_offset;
read_done = blk->read_avail() - reader->start_offset;
- if (read_done > 0) {
+ if ((read_done > 0) && (read_done <= read_avail)) {
memcpy(info, buf, read_done);
reader->consume(read_done);
read_avail -= read_done;