From 96a0be78ed1a0d7a473c7f8a301174c3afdc06f6 Mon Sep 17 00:00:00 2001 From: Dragan Dosen Date: Tue, 7 Jul 2015 16:10:43 +0200 Subject: [PATCH] BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str In src/51d.c, the function _51d_conv(), a final '\0' is added into smp->data.str.str, which can cause a problem if the SMP_F_CONST flag is set in smp->flags or if smp->data.str.size is not available. This patch adds a check on smp->flags and smp->data.str.size, and copies the smp->data.str.str to another buffer by using smp_dup(). If necessary, the "const" flag is set after device detection. Also, this patch removes the unnecessary call to chunk_reset() on temp argument. --- src/51d.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/51d.c b/src/51d.c index abb5cce9e..6f17c28b8 100644 --- a/src/51d.c +++ b/src/51d.c @@ -127,6 +127,7 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private) lru = lru64_get(XXH64(smp->data.str.str, smp->data.str.len, seed), _51d_lru_tree, global._51degrees.data_file_path, 0); if (lru && lru->domain) { + smp->flags |= SMP_F_CONST; smp->data.str.str = lru->data; smp->data.str.len = strlen(smp->data.str.str); return 1; @@ -140,6 +141,10 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private) return 0; #endif + /* Duplicate the data and remove the "const" flag before device detection. */ + if (!smp_dup(smp)) + return 0; + smp->data.str.str[smp->data.str.len] = '\0'; /* Perform detection. */ @@ -152,7 +157,6 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private) i = 0; temp = get_trash_chunk(); - chunk_reset(temp); /* Loop through property names passed to the filter and fetch them from the dataset. */ while (args[i].data.str.str) { @@ -198,8 +202,10 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private) fiftyoneDegreesFreeWorkset(ws); #endif - if (lru) + if (lru) { + smp->flags |= SMP_F_CONST; lru64_commit(lru, strdup(smp->data.str.str), global._51degrees.data_file_path, 0, free); + } return 1; }