CID 1367528: Security best practices violations (STRING_OVERFLOW): http/HttpTransactHeaders.cc #1281

Closed
zwoop opened this issue Dec 31, 2016 · 1 comment
zwoop commented Dec 31, 2016

```
*** CID 1367528:  Security best practices violations  (STRING_OVERFLOW)
/proxy/http/HttpTransactHeaders.cc: 820 in HttpTransactHeaders::insert_via_header_in_response(HttpTransact::State *, HTTPHdr *)()
814
815       char *incoming_via = s->via_string;
816
817       const char *proto_buf[10]; // 10 seems like a reasonable number of protos to print
818       int retval = s->state_machine->populate_client_protocol(proto_buf, countof(proto_buf));
819       for (int i = 0; i < retval; i++) {
   CID 1367528:  Security best practices violations  (STRING_OVERFLOW)
   You might overrun the 1024-character fixed-size string "via_string" by copying "proto_buf[i]" without checking the length.
820         memcpy(via_string, proto_buf[i], strlen(proto_buf[i]));
821         via_string += strlen(proto_buf[i]);
822         *via_string++ = ' ';
823       }
824
825       via_string += nstrcpy(via_string, s->http_config_param->proxy_hostname);
```
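
A bounded form of the copy loop that Coverity flags above, added here as an example; it is not Traffic Server code and not the change made in #2107. The helper `append_protos`, the two demo functions and the sample protocol tags are hypothetical names and constructed input.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Traffic Server code: append each protocol tag
 * followed by a space to dst, never writing past dst + cap.
 * Returns the number of bytes written (excluding the terminating NUL),
 * or -1 if the tags do not fit; on failure dst is left as an empty
 * string rather than a partial, unterminated value. */
static int append_protos(char *dst, size_t cap, const char *const *protos, int count)
{
  char *p = dst;
  size_t left = cap; /* bytes still free, including room for the NUL */

  if (dst == NULL || cap == 0)
    return -1;

  for (int i = 0; i < count; i++) {
    size_t len = strlen(protos[i]);
    /* Need len bytes for the tag, 1 for the space, 1 kept for the NUL.
     * left < 2 is tested first so that left - 2 cannot wrap around. */
    if (left < 2 || len > left - 2) {
      dst[0] = '\0';
      return -1;
    }
    memcpy(p, protos[i], len);
    p += len;
    *p++ = ' ';
    left -= len + 1;
  }
  *p = '\0';
  return (int)(p - dst);
}

/* Constructed sample input with the same shape as proto_buf in the report. */
static const char *const sample_protos[] = {"http/1.1", "tls/1.2", "tcp", "ipv4"};

int demo_fits(void)
{
  char via[1024]; /* same size the report gives for via_string */
  return append_protos(via, sizeof(via), sample_protos, 4);
}

int demo_too_small(void)
{
  char via[16]; /* constructed: deliberately too small for all four tags */
  return append_protos(via, sizeof(via), sample_protos, 4);
}
```

The remaining-space counter has to be carried through every later write into the same buffer, such as the `nstrcpy` of the proxy hostname on line 825.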

@zwoop zwoop added the Coverity label Dec 31, 2016
@zwoop zwoop added this to the 7.1.0 milestone Dec 31, 2016
@zwoop zwoop added the HTTP label Dec 31, 2016
@zwoop zwoop modified the milestones: 7.1.0, 7.2.0 Jan 8, 2017
@PSUdaemon PSUdaemon modified the milestone: 7.2.0 Jan 8, 2017
@zwoop zwoop modified the milestones: 7.2.0, 8.0.0 Apr 25, 2017
@SolidWallOfCode

I think this is fixed by #2107.

@SolidWallOfCode SolidWallOfCode self-assigned this Jun 12, 2017
@zwoop zwoop modified the milestone: 8.0.0 Jun 21, 2017
@zwoop zwoop closed this as completed Jun 21, 2017