You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2020/06/09 19:24:33 UTC
[trafficserver] branch 8.1.x updated: Fix pointer overflow in XPACK
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.1.x by this push:
new 118e388 Fix pointer overflow in XPACK
118e388 is described below
commit 118e388ae42ca8f16896ca6bfd53db7ff72b3ebe
Author: Masaori Koshiba <ma...@apache.org>
AuthorDate: Fri Jun 5 21:35:02 2020 +0900
Fix pointer overflow in XPACK
(cherry picked from commit c20125eba5594fcc18305ee14e25e7ce4eb2d4d2)
---
proxy/hdrs/XPACK.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy/hdrs/XPACK.cc b/proxy/hdrs/XPACK.cc
index e987479..009d5bd 100644
--- a/proxy/hdrs/XPACK.cc
+++ b/proxy/hdrs/XPACK.cc
@@ -82,7 +82,7 @@ xpack_decode_string(Arena &arena, char **str, uint64_t &str_length, const uint8_
}
p += len;
- if ((p + encoded_string_len) > buf_end) {
+ if (buf_end < p || static_cast<uint64_t>(buf_end - p) < encoded_string_len) {
return XPACK_ERROR_COMPRESSION_ERROR;
}