You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@trafficserver.apache.org by GitBox <gi...@apache.org> on 2021/06/16 06:11:54 UTC

[GitHub] [trafficserver] masaori335 commented on pull request #7945: Fix dynamic-stack-buffer-overflow of cachekey plugin

masaori335 commented on pull request #7945:
URL: https://github.com/apache/trafficserver/pull/7945#issuecomment-862074440


   Good point. The `escapify_url_common()`, core function called by `TSStringPercentEncode()`, is checking the `dst_size` but not include null termination. This is why we got `dynamic-stack-buffer-overflow` on line 410.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org