RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-06 19:38:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: httpclient: replace ist0 by istptr

Browse Source 
ASAN reported a buffer overflow in the httpclient. This overflow is the
consequence of ist0() which is incorrect here.

Replace all occurences of ist0() by istptr() which is more appropried
here since all ist in the httpclient were created from strings.
This commit is contained in:
William Lallemand 2021-09-26 18:12:43 +02:00
parent 4a4e663771
commit 614e68337d
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/http_client.c
View File

@ -173,7 +173,7 @@ static int hc_cli_io_handler(struct appctx *appctx)
if (!trash)
goto out;
if (appctx->ctx.cli.i0 & HC_CLI_F_RES_STLINE) {
chunk_appendf(trash, "%s %d %s\n",ist0(hc->res.vsn), hc->res.status, ist0(hc->res.reason));
chunk_appendf(trash, "%s %d %s\n",istptr(hc->res.vsn), hc->res.status, istptr(hc->res.reason));
if (ci_putchk(si_ic(si), trash) == -1)
si_rx_room_blk(si);
appctx->ctx.cli.i0 &= ~HC_CLI_F_RES_STLINE;
@ -338,9 +338,9 @@ struct appctx *httpclient_start(struct httpclient *hc)
/* parse URI and fill sockaddr_storage */
/* FIXME: use a resolver */
len = url2sa(ist0(hc->req.url), istlen(hc->req.url), &hc->dst, &out);
len = url2sa(istptr(hc->req.url), istlen(hc->req.url), &hc->dst, &out);
if (len == -1) {
ha_alert("httpclient: cannot parse uri '%s'.\n", ist0(hc->req.url));
ha_alert("httpclient: cannot parse uri '%s'.\n", istptr(hc->req.url));
goto out;
}