You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by zw...@apache.org on 2020/06/09 19:24:33 UTC

[trafficserver] branch 8.1.x updated: Fix pointer overflow in XPACK

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/8.1.x by this push:
     new 118e388  Fix pointer overflow in XPACK
118e388 is described below

commit 118e388ae42ca8f16896ca6bfd53db7ff72b3ebe
Author: Masaori Koshiba <ma...@apache.org>
AuthorDate: Fri Jun 5 21:35:02 2020 +0900

    Fix pointer overflow in XPACK
    
    (cherry picked from commit c20125eba5594fcc18305ee14e25e7ce4eb2d4d2)
---
 proxy/hdrs/XPACK.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proxy/hdrs/XPACK.cc b/proxy/hdrs/XPACK.cc
index e987479..009d5bd 100644
--- a/proxy/hdrs/XPACK.cc
+++ b/proxy/hdrs/XPACK.cc
@@ -82,7 +82,7 @@ xpack_decode_string(Arena &arena, char **str, uint64_t &str_length, const uint8_
   }
   p += len;
 
-  if ((p + encoded_string_len) > buf_end) {
+  if (buf_end < p || static_cast<uint64_t>(buf_end - p) < encoded_string_len) {
     return XPACK_ERROR_COMPRESSION_ERROR;
   }