Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2013/03/23 17:03:15 UTC

[jira] [Comment Edited] (TS-1660) Host field should not has c style terminator

    [ https://issues.apache.org/jira/browse/TS-1660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13611746#comment-13611746 ] 

Leif Hedstrom edited comment on TS-1660 at 3/23/13 4:01 PM:
------------------------------------------------------------

Weijin: I need to think about this some more. Under what conditions can the \0 show up in the Host: header?

One thing I'm thinking is that we should add API checks for our APIs that modify URLs and headers (with this strchr), e.g. a
{code}
#include <string.h> /* memchr */

/* Returns TS_ERROR if the len-byte string s contains an embedded NUL. */
TSReturnCode
sdk_sanity_check_ats_string(const char* s, int len) {
   return memchr(s, '\0', len) ? TS_ERROR : TS_SUCCESS;
}
{code}


And then use this throughout the InkAPI.cc where we e.g. set header values etc. This provides excellent sanity checks around the APIs, and can become a NO-OP if so desired at compile time.

I've had a bug where I ended up setting a header with a \0 in there, and it wreaked havoc in logging. I think we added a check for that in the logging, but ideally, we'd only make checks upon setting data, not when using it (rather check once, than many times).
                
      was (Author: zwoop):
    Weijin: I need to think about this some more. Under what conditions can the \0 show up in the Host: header?

One thing I'm thinking is that we should add API checks for our APIs that modify URLs and headers (with this strchr), e.g. a

TSReturnCode
sdk_sanity_check_ats_string(const char* s, int len) {
   return memchr(s, '\0', len) ? TS_ERROR : TS_SUCCESS;
}


And then use this throughout the InkAPI.cc where we e.g. set header values etc. This provides excellent sanity checks around the APIs, and can become a NO-OP if so desired at compile time.

I've had a bug where I ended up setting a header with a \0 in there, and it wreaked havoc in logging. I think we added a check for that in the logging, but ideally, we'd only make checks upon setting data, not when using it (rather check once, than many times).
                  
> Host field should not has c style terminator 
> ---------------------------------------------
>
>                 Key: TS-1660
>                 URL: https://issues.apache.org/jira/browse/TS-1660
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>            Reporter: weijin
>            Assignee: Leif Hedstrom
>             Fix For: 3.3.2
>
>         Attachments: ts-1660.diff
>
>
> If the Host field of the client has a C-style terminator, it may lead to serious problems (e.g. ATS uses C strings to do hostdb lookups).

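The set-time check discussed in the comment above, as an added example that is not part of the original message or of Traffic Server's code: it shows how a length-delimited Host value with an embedded NUL looks shorter to C-string consumers, and how validating once in the setter rejects it. The `Ex*` names, the `ExHostField` slot and the sample Host value are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for TSReturnCode values so this builds without ts/ts.h (assumption). */
typedef enum { EX_ERROR = -1, EX_SUCCESS = 0 } ExReturnCode;

/* The proposed check: a length-delimited value must not contain a NUL byte. */
static ExReturnCode
ex_sanity_check_string(const char *s, int len)
{
  if (s == NULL || len < 0)
    return EX_ERROR;
  return memchr(s, '\0', (size_t)len) ? EX_ERROR : EX_SUCCESS;
}

/* Hypothetical header slot that keeps both a buffer and an explicit length. */
typedef struct { char value[256]; int len; } ExHostField;

/* Hypothetical setter: validate once on write so later readers need no re-check. */
static ExReturnCode
ex_set_host(ExHostField *f, const char *s, int len)
{
  if (len >= (int)sizeof(f->value) || ex_sanity_check_string(s, len) != EX_SUCCESS)
    return EX_ERROR;
  memcpy(f->value, s, (size_t)len);
  f->value[len] = '\0';
  f->len = len;
  return EX_SUCCESS;
}

/* Length a C-string consumer (strlen, strcmp, "%s") sees for the same bytes. */
static size_t
ex_cstring_view_len(const char *s, int len)
{
  const char *nul = memchr(s, '\0', (size_t)len);
  return nul ? (size_t)(nul - s) : (size_t)len;
}

int
main(void)
{
  static const char bad[] = "www.example.com\0.invalid"; /* constructed sample */
  int bad_len = (int)sizeof(bad) - 1;
  ExHostField f;
  printf("wire length %d, C-string view %zu\n", bad_len, ex_cstring_view_len(bad, bad_len));
  printf("set with NUL: %d\n", ex_set_host(&f, bad, bad_len));
  printf("set clean:    %d\n", ex_set_host(&f, "www.example.com", 15));
  return 0;
}
```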