You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2018/03/12 17:55:03 UTC
[trafficserver] 01/08: Coverity CID #1367529 Copy into fixed size
buffer
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 554400a4d6433f5260204fd08a034eecc919ee83
Author: Phil Sorber <so...@apache.org>
AuthorDate: Tue May 16 13:56:11 2017 -0600
Coverity CID #1367529 Copy into fixed size buffer
(cherry picked from commit ba7066870c21736758c041b0315e8da90afd55d8)
---
plugins/experimental/url_sig/url_sig.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/plugins/experimental/url_sig/url_sig.c b/plugins/experimental/url_sig/url_sig.c
index 240c9a5..3dc0de1 100644
--- a/plugins/experimental/url_sig/url_sig.c
+++ b/plugins/experimental/url_sig/url_sig.c
@@ -16,6 +16,13 @@
limitations under the License.
*/
+#define min(a, b) \
+ ({ \
+ __typeof__(a) _a = (a); \
+ __typeof__(b) _b = (b); \
+ _a < _b ? _a : _b; \
+ })
+
#include "ts/ink_defs.h"
#include "url_sig.h"
@@ -254,18 +261,18 @@ err_log(char *url, char *msg)
// See the README. All Signing parameters must be concatenated to the end
// of the url and any application query parameters.
static char *
-getAppQueryString(char *query_string, int query_length)
+getAppQueryString(char *query_string, unsigned int query_length)
{
int done = 0;
char *p;
char buf[MAX_QUERY_LEN];
- if (query_length > MAX_QUERY_LEN) {
- TSDebug(PLUGIN_NAME, "Cannot process the query string as the length exceeds %d bytes.", MAX_QUERY_LEN);
+ if (query_length >= sizeof(buf)) {
+ TSDebug(PLUGIN_NAME, "Cannot process the query string as the length exceeds %d bytes", MAX_QUERY_LEN);
return NULL;
}
memset(buf, 0, MAX_QUERY_LEN);
- strncpy(buf, query_string, query_length);
+ strncpy(buf, query_string, min(query_length, sizeof(buf) - 1));
p = buf;
TSDebug(PLUGIN_NAME, "query_string: %s, query_length: %d", query_string, query_length);
@@ -391,7 +398,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
err_log(url, "IP address string too long or short.");
goto deny;
}
- strncpy(client_ip, p + strlen(CIP_QSTRING) + 1, (pp - p - (strlen(CIP_QSTRING) + 1)));
+ strncpy(client_ip, p + strlen(CIP_QSTRING) + 1, min((pp - p - (strlen(CIP_QSTRING) + 1)), sizeof(client_ip) - 1));
client_ip[pp - p - (strlen(CIP_QSTRING) + 1)] = '\0';
TSDebug(PLUGIN_NAME, "CIP: -%s-", client_ip);
retval = TSHttpTxnClientFdGet(txnp, &sockfd);
@@ -486,8 +493,8 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
part = strtok_r(urltokstr, "/", &p);
while (part != NULL) {
if (parts[j] == '1') {
- strcpy(signed_part + strlen(signed_part), part);
- strcpy(signed_part + strlen(signed_part), "/");
+ strncat(signed_part, part, sizeof(signed_part) - strlen(signed_part) - 1);
+ strncat(signed_part, "/", sizeof(signed_part) - strlen(signed_part) - 1);
}
if (parts[j + 1] == '0' ||
parts[j + 1] == '1') { // This remembers the last part, meaning, if there are no more valid letters in parts
@@ -498,7 +505,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
signed_part[strlen(signed_part) - 1] = '?'; // chop off the last /, replace with '?'
p = strstr(query, SIG_QSTRING "=");
- strncat(signed_part, query, (p - query) + strlen(SIG_QSTRING) + 1);
+ strncat(signed_part, query, min((p - query) + strlen(SIG_QSTRING) + 1, sizeof(signed_part) - strlen(signed_part) - 1));
TSDebug(PLUGIN_NAME, "Signed string=\"%s\"", signed_part);
--
To stop receiving notification emails like this one, please contact
zwoop@apache.org.