BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str

In the function _51d_conv() in src/51d.c, a final '\0' is added into
smp->data.str.str, which can cause a problem if the SMP_F_CONST flag is
set in smp->flags or if smp->data.str.size is not available.

This patch adds a check on smp->flags and smp->data.str.size, and copies
the smp->data.str.str to another buffer by using smp_dup(). If necessary,
the "const" flag is set after device detection. Also, this patch removes
the unnecessary call to chunk_reset() on temp argument.
Dragan Dosen 2015-07-07 16:10:43 +02:00 committed by Willy Tarreau
parent 2fbcafc9ce
commit 96a0be78ed


@ -127,6 +127,7 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private)
lru = lru64_get(XXH64(smp->data.str.str, smp->data.str.len, seed),
_51d_lru_tree, global._51degrees.data_file_path, 0);
if (lru && lru->domain) {
smp->flags |= SMP_F_CONST;
smp->data.str.str = lru->data;
smp->data.str.len = strlen(smp->data.str.str);
return 1;
@ -140,6 +141,10 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private)
return 0;
#endif
/* Duplicate the data and remove the "const" flag before device detection. */
if (!smp_dup(smp))
return 0;
smp->data.str.str[smp->data.str.len] = '\0';
/* Perform detection. */
@ -152,7 +157,6 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private)
i = 0;
temp = get_trash_chunk();
chunk_reset(temp);
/* Loop through property names passed to the filter and fetch them from the dataset. */
while (args[i].data.str.str) {
@ -198,8 +202,10 @@ static int _51d_conv(const struct arg *args, struct sample *smp, void *private)
fiftyoneDegreesFreeWorkset(ws);
#endif
if (lru)
if (lru) {
smp->flags |= SMP_F_CONST;
lru64_commit(lru, strdup(smp->data.str.str), global._51degrees.data_file_path, 0, free);
}
return 1;
}
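Review bot: The `strdup()` result passed to `lru64_commit()` in the last hunk is never checked, so on allocation failure a NULL pointer would be stored as the cache entry's data. The cache-hit path in the first hunk then does `smp->data.str.str = lru->data;` followed by `strlen(smp->data.str.str)`, which would dereference that NULL on the next lookup with the same sample hash; this assumes lru64_commit() marks the entry valid regardless of the data pointer, which is not visible here. Suggest committing only a successful copy: `char *copy = strdup(smp->data.str.str);` then `if (copy) lru64_commit(lru, copy, global._51degrees.data_file_path, 0, free);`. Separately, the write `smp->data.str.str[smp->data.str.len] = '\0';` in the second hunk depends on smp_dup() leaving len strictly below the buffer size, so a short comment stating that guarantee would help the next reader. _51d_conv() starts outside the shown hunks.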