Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/07/25 17:56:45 UTC

[trafficserver] 05/05: Prevent HSTS headers from including the terminating null byte.

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 95d120d1736d7786381a1826c90b6c4b5389d231
Author: Alan M. Carroll <am...@apache.org>
AuthorDate: Thu Jul 20 21:03:20 2017 -0500

    Prevent HSTS headers from including the terminating null byte.
    
    (cherry picked from commit 1c9af58d8eff2ad4b9ed042d98af52d16d86dfb2)
---
 proxy/http/HttpTransactHeaders.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/proxy/http/HttpTransactHeaders.cc b/proxy/http/HttpTransactHeaders.cc
index db49bee..555e438 100644
--- a/proxy/http/HttpTransactHeaders.cc
+++ b/proxy/http/HttpTransactHeaders.cc
@@ -842,8 +842,8 @@ void
 HttpTransactHeaders::insert_hsts_header_in_response(HttpTransact::State *s, HTTPHdr *header)
 {
   char new_hsts_string[64];
-  char *hsts_string               = new_hsts_string;
-  const char include_subdomains[] = "; includeSubDomains";
+  char *hsts_string                   = new_hsts_string;
+  constexpr char include_subdomains[] = "; includeSubDomains";
 
   // add max-age
   int length = snprintf(new_hsts_string, sizeof(new_hsts_string), "max-age=%" PRId64, s->txn_conf->proxy_response_hsts_max_age);
@@ -851,8 +851,8 @@ HttpTransactHeaders::insert_hsts_header_in_response(HttpTransact::State *s, HTTP
   // add include subdomain if set
   if (s->txn_conf->proxy_response_hsts_include_subdomains) {
     hsts_string += length;
-    memcpy(hsts_string, include_subdomains, sizeof(include_subdomains));
-    length += sizeof(include_subdomains);
+    memcpy(hsts_string, include_subdomains, sizeof(include_subdomains) - 1);
+    length += sizeof(include_subdomains) - 1;
   }
 
   header->value_set(MIME_FIELD_STRICT_TRANSPORT_SECURITY, MIME_LEN_STRICT_TRANSPORT_SECURITY, new_hsts_string, length);
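Review bot: The `memcpy` at offset `length` into `new_hsts_string` is not bounds-checked and trusts the `snprintf` return value from the first hunk, which is negative on error and, on truncation, is the length that would have been written. With the visible format the worst case is 8 bytes of `max-age=`, at most 20 for a `PRId64` and 19 for the suffix, so it fits in 64 bytes today, but nothing enforces that if the format or buffer size changes. Since `include_subdomains` is now `constexpr`, the invariant can be pinned with `static_assert(sizeof("max-age=") - 1 + 20 + sizeof(include_subdomains) - 1 <= sizeof(new_hsts_string), "HSTS value must fit");`. A short comment such as `// value is not NUL-terminated here; value_set() takes an explicit length` would also document why dropping the terminator is safe. The function body spans both hunks and ends outside this one.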

-- 