From 614e68337d9f2c8821a104bfb188fb6540b52785 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Sun, 26 Sep 2021 18:12:43 +0200 Subject: [PATCH] BUG/MEDIUM: httpclient: replace ist0 by istptr ASAN reported a buffer overflow in the httpclient. This overflow is the consequence of ist0() which is incorrect here. Replace all occurences of ist0() by istptr() which is more appropried here since all ist in the httpclient were created from strings. --- src/http_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/http_client.c b/src/http_client.c index bafeafcac..ab83cdba4 100644 --- a/src/http_client.c +++ b/src/http_client.c @@ -173,7 +173,7 @@ static int hc_cli_io_handler(struct appctx *appctx) if (!trash) goto out; if (appctx->ctx.cli.i0 & HC_CLI_F_RES_STLINE) { - chunk_appendf(trash, "%s %d %s\n",ist0(hc->res.vsn), hc->res.status, ist0(hc->res.reason)); + chunk_appendf(trash, "%s %d %s\n",istptr(hc->res.vsn), hc->res.status, istptr(hc->res.reason)); if (ci_putchk(si_ic(si), trash) == -1) si_rx_room_blk(si); appctx->ctx.cli.i0 &= ~HC_CLI_F_RES_STLINE; @@ -338,9 +338,9 @@ struct appctx *httpclient_start(struct httpclient *hc) /* parse URI and fill sockaddr_storage */ /* FIXME: use a resolver */ - len = url2sa(ist0(hc->req.url), istlen(hc->req.url), &hc->dst, &out); + len = url2sa(istptr(hc->req.url), istlen(hc->req.url), &hc->dst, &out); if (len == -1) { - ha_alert("httpclient: cannot parse uri '%s'.\n", ist0(hc->req.url)); + ha_alert("httpclient: cannot parse uri '%s'.\n", istptr(hc->req.url)); goto out; }