Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/07/25 17:56:45 UTC
[trafficserver] 05/05: Prevent HSTS headers from including the
terminating null byte.
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 95d120d1736d7786381a1826c90b6c4b5389d231
Author: Alan M. Carroll <am...@apache.org>
AuthorDate: Thu Jul 20 21:03:20 2017 -0500
Prevent HSTS headers from including the terminating null byte.
(cherry picked from commit 1c9af58d8eff2ad4b9ed042d98af52d16d86dfb2)
---
proxy/http/HttpTransactHeaders.cc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/proxy/http/HttpTransactHeaders.cc b/proxy/http/HttpTransactHeaders.cc
index db49bee..555e438 100644
--- a/proxy/http/HttpTransactHeaders.cc
+++ b/proxy/http/HttpTransactHeaders.cc
@@ -842,8 +842,8 @@ void
HttpTransactHeaders::insert_hsts_header_in_response(HttpTransact::State *s, HTTPHdr *header)
{
char new_hsts_string[64];
- char *hsts_string = new_hsts_string;
- const char include_subdomains[] = "; includeSubDomains";
+ char *hsts_string = new_hsts_string;
+ constexpr char include_subdomains[] = "; includeSubDomains";
// add max-age
int length = snprintf(new_hsts_string, sizeof(new_hsts_string), "max-age=%" PRId64, s->txn_conf->proxy_response_hsts_max_age);
@@ -851,8 +851,8 @@ HttpTransactHeaders::insert_hsts_header_in_response(HttpTransact::State *s, HTTP
// add include subdomain if set
if (s->txn_conf->proxy_response_hsts_include_subdomains) {
hsts_string += length;
- memcpy(hsts_string, include_subdomains, sizeof(include_subdomains));
- length += sizeof(include_subdomains);
+ memcpy(hsts_string, include_subdomains, sizeof(include_subdomains) - 1);
+ length += sizeof(include_subdomains) - 1;
}
header->value_set(MIME_FIELD_STRICT_TRANSPORT_SECURITY, MIME_LEN_STRICT_TRANSPORT_SECURITY, new_hsts_string, length);
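Review bot: The `memcpy` to `hsts_string + length` is still not checked against the space left in `new_hsts_string`. It stays in bounds only because "max-age=" (8 bytes), at most 20 characters for a 64-bit value and the 19-byte suffix add up to 47 bytes, under the 64 available. That arithmetic can be pinned at compile time next to the declarations, e.g. `static_assert(sizeof("max-age=") - 1 + 20 + sizeof(include_subdomains) - 1 < sizeof(new_hsts_string), "HSTS buffer too small");`. The offset also trusts the return value of `snprintf`, which is negative on error; the line between the two hunks is not shown, so a check may already exist there. The function body continues past the end of this hunk.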
--