You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Phil Sorber (JIRA)" <ji...@apache.org> on 2015/05/19 21:28:59 UTC

[jira] [Closed] (TS-3621) url_sig plugin crashes on bad input

     [ https://issues.apache.org/jira/browse/TS-3621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Phil Sorber closed TS-3621.
---------------------------
       Resolution: Duplicate
    Fix Version/s:     (was: 6.0.0)

Sorry, this was already fixed in master. By me no less...

> url_sig plugin crashes on bad input
> -----------------------------------
>
>                 Key: TS-3621
>                 URL: https://issues.apache.org/jira/browse/TS-3621
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Plugins
>            Reporter: Phil Sorber
>            Assignee: Phil Sorber
>
> {noformat}
> (gdb) bt full
> #0  TSRemapNewInstance (argc=<value optimized out>, argv=<value optimized out>, ih=<value optimized out>, errbuf=0x7fff4d986600 "", errbuf_size=2047) at url_sig.c:114
>         pos = 0x0
>         value = <value optimized out>
>         config_file = "/opt/trafficserver/etc/trafficserver/url_sig_nbcsg-live-west-tba.config", '\000' <repeats 417 times>"\266, \222\021G5+", '\000' <repeats 26 times>"\266, \222\021G5+\000\000\037\000\000\000\000\000\000\000\266\222\021G5+\000\000\351\200\"\313\000\000\000\000\000\a\230M\377\177\000\000\037\000\000\000\000\000\000\000x\rFK5+\000\000(|\372!\000\000\000\000Ǜ\021G5+\000\000\026S\n\316\000\000\000\000\360\351\207\000\000\000\000\000(\000\000\000\065+\000\000\364kSI5+\000\000\000\000\000\000\000\000\000\000\200\b\230M\377\177\000\000\270wSI5"...
>         i = <value optimized out>
>         cfg = 0x4545a20
>         install_dir = <value optimized out>
>         file = 0x4546a50
>         line = "<!--\n\000\000\000\244\022\350G5+\000\000P\016\350G5+\000\000\062\000\000\000\000\000\000\000\267?S\004\000\000\000\000\300\317Y\003\000\000\000\000\240\022S\004\000\000\000\000\240\022S\004\000\000\000\000\020\vX\003\000\000\000\000\020p\306K5+\000\000\000n\230M\377\177\000\000\002\000\000\000\000\000\000\000\000V\230M\377\177\000\000\240A\242\000\000\000\000\000\005\000\000\000\000\000\000\000\001", '\000' <repeats 15 times>, "p", '\000' <repeats 31 times>, "\005\000\000\000\061\000\000\000[\000\000\000|\000\000\000w\000\000\000n\000\000\000\064\000\000\000\000\000\000\000=\000\000\000\000\000\000\000=\000\000\000\000\000\000\000\200.\006J5+\000\000=\000\000\000\000\000\000\000\200:T\004\000\000\000\000\002\000\000\000\000\000\000\000\241"...
>         line_no = 1
>         keynum = <value optimized out>
> {noformat}
> {noformat}
> (gdb) l
> 109	      continue;
> 110	    char *pos = strchr(line, '=');
> 111	    if (pos == NULL) {
> 112	      TSError("Error parsing line %d of file %s (%s).", line_no, config_file, line);
> 113	    }
> 114	    *pos = '\0';
> 115	    char *value = pos + 1;
> 116	    while (isspace(*value))     // remove whitespace
> 117	      value++;
> 118	    pos = strchr(value, '\n');  // remove the new line, terminate the string
> {noformat}
> We can deref pos when it is NULL



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)