TS-4470: ASAN stack-buffer-overflow when slow log is enabled #721

Merged
merged 1 commit into from
Jun 20, 2016

bryancall
Contributor

No description provided.

atsci commented Jun 17, 2016

Linux build successful! See https://ci.trafficserver.apache.org/job/Github-Linux/189/ for details.

atsci commented Jun 17, 2016

FreeBSD build successful! See https://ci.trafficserver.apache.org/job/Github-FreeBSD/298/ for details.

@zwoop zwoop added the Logging label Jun 18, 2016
@zwoop zwoop added this to the 7.0.0 milestone Jun 18, 2016
@bryancall bryancall merged commit ceec590 into apache:master Jun 20, 2016
@@ -6890,7 +6890,8 @@ HttpSM::update_stats()
int offset = 0;
int skip = 0;

t_state.hdr_info.client_request.url_print(url_string, sizeof url_string, &offset, &skip);
t_state.hdr_info.client_request.url_print(url_string, sizeof(url_string), &offset, &skip);
url_string[sizeof(url_string) - 1] = 0; // NULL terminate the string
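
Review bot: The terminator on the `url_string[sizeof(url_string) - 1] = 0;` line is written at a fixed index, so it bounds the string only when the buffer is completely filled. For a shorter URL, whatever lies between the printed bytes and the last byte stays part of the string unless the buffer is zeroed before this hunk or `url_print` terminates its own output, and neither is visible in these lines. Consider terminating at `offset` clamped to `sizeof(url_string) - 1`. Also, because the full `sizeof(url_string)` is passed as the length, a URL that fills the buffer has its last byte overwritten by the terminator; passing `sizeof(url_string) - 1`, or a comment saying the truncation is intended, would make that explicit.
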
Member

Shouldn't this be url_string[offset] = 0;?

Contributor Author

@bryancall bryancall Jun 21, 2016

Offset can have a max value of 256 so it would have to be min(sizeof(url_string) - 1, offset)

Member

`int HTTPHdr::url_print(char *buff, int length, int *offset, int *skip)` is only called here; can we define the output buffer (`buff`) to be a '\0'-terminated string?
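
The two termination choices discussed in the review comments above, as an added example (not code from this pull request or from Traffic Server). `bounded_print` is a hypothetical stand-in that never writes a terminator, the 256-byte buffer size is assumed from the "max value of 256" remark, and the buffer is pre-filled with `#` to stand in for stale stack data.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF 256 /* assumed, from the "max value of 256" remark */

/* Hypothetical stand-in for a bounded printer (not Traffic Server code):
 * copies at most length - *offset bytes, advances *offset, and never
 * writes a terminator. */
static void bounded_print(const char *src, char *buff, int length, int *offset)
{
    int room = length - *offset;
    int n = (int)strlen(src);
    if (room <= 0)
        return;
    if (n > room)
        n = room;
    memcpy(buff + *offset, src, (size_t)n);
    *offset += n;
}

/* Print a URL of url_len 'a' bytes (constructed input, url_len < 1024) into
 * a buffer pre-filled with '#', which stands in for stale stack contents,
 * then terminate it and return the resulting string length. */
static size_t logged_length(int url_len, int clamp_to_offset)
{
    char url[1024];
    char url_string[URL_BUF];
    int offset = 0;
    int last = (int)sizeof(url_string) - 1;

    memset(url, 'a', sizeof(url));
    url[url_len] = '\0';
    memset(url_string, '#', sizeof(url_string));
    bounded_print(url, url_string, (int)sizeof(url_string), &offset);

    if (clamp_to_offset) /* min(sizeof(url_string) - 1, offset) */
        url_string[offset < last ? offset : last] = '\0';
    else /* terminate at the last byte only */
        url_string[last] = '\0';
    return strlen(url_string);
}

int main(void)
{
    printf("20-byte URL, last byte only: %zu\n", logged_length(20, 0));
    printf("20-byte URL, clamped offset: %zu\n", logged_length(20, 1));
    printf("900-byte URL, clamped offset: %zu\n", logged_length(900, 1));
    return 0;
}
```

Under these assumptions, both forms keep every read inside the buffer, but only the clamped form stops the string at the end of a short URL.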

JosiahWI pushed a commit to JosiahWI/trafficserver that referenced this pull request Jul 19, 2023
* add a metric to track how often the range seek bug is detected (apache#8970)

Co-authored-by: Chris McFarlen <cmcfarlen@apple.com>
(cherry picked from commit b23e8a0)

* Fix reverting PR#7302 (apache#8975)

PR#7302 was reverted by PR#8316 as an incompatible change for 9.2.0.
It looks like the revert commit has a mistake that made a crash by
calling `HttpSM::send_origin_throttled_response()` twice.

(cherry picked from commit 3cccd2d)

* Fixes issue with file size calculation for existing logs (apache#8971)

* Issue arises with existing log files at startup

* Because the existing bytes are not accounted for, log rolling does not occur at the correct time

* Existing code can lead to logging being suspended indefinitely without manual intervention if thresholds are exceeded and no rolled log files can be deleted

* Corner case more evident when other data not rolled by ATS is present in the logging directory

(cherry picked from commit 6225b12)

* Proxy Verifier: Update to version 2.4.1 (apache#8965)

This updates the Proxy Verifier version used by our AuTests to version
v2.4.1. This Proxy Verifier version prints the ALPN used by the proxy
(ATS in our case) to the server. This will allow us to verify ALPN
behavior for an upcoming PR for HTTP/2 to origin.

(cherry picked from commit fb02ef8)

* Destroy ssl context after use. (apache#8531)

As per the docs this needs to be released after use, this was missing from the cert_reporting_tool plugin.
This also fixes the example in the docs.

(cherry picked from commit 57015b7)

* Extend milestone api time tracking to remap. (apache#8520)

(cherry picked from commit a9405ac)

* Add 5xx's to be allowed to be used for simple retries (apache#8518)

* Add 5xx's to be allowed to be used for simple retries

Remove unnecessary functions in transact for finding ranges

Change PS response checking to not use internal state. Now pass in retry type and code

(cherry picked from commit 30096b4)

* Updated ChangeLog

* Pin flask to version 2.1.3 (apache#9008)

This resolves an AuTest Pipenv package dependency conflict for Werkzeug,
which is used by httpbin. Latest versions of flask require newer
versions of flask which conflicts with our pin to keep httpbin working.

(cherry picked from commit 46c1a0a)

* Add back validation that the scheme matches the wire protocol (apache#9005)

This adds back in the scheme and wire protocol check (see apache#8465) along
with a configuration to be able to disable the check if the verification
is not desired.

(cherry picked from commit 7ec147e)

* Ignore POST request case from a check for background fill (apache#9013)

(cherry picked from commit 1f3e111)

* Add content length mismatch check on handling HEADERS frame and CONTINUATION frame (apache#9012)

* Add content length mismatch check on handling HEADERS frame and CONTINUATION frame

* Correct error class of HTTP/2 malformed requests

(cherry picked from commit e921228)

* Restrict unknown scheme of HTTP/2 request (apache#9010)

Strictly following RFC 3986 Section 3.1

```
scheme      = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
```

(cherry picked from commit c56f872)

* Fail fast on HTTP/2 header validation (apache#9009)

Co-authored-by: Masakazu Kitajo <maskit@apache.org>
(cherry picked from commit eaef5e8)

* Add stack guard pages (apache#8996)

Use r/w protected pages on top of stacks to guard against stack
overflow.  The number of VM pages to use for guarding can be set
via the config option proxy.config.thread.default.stackguard_pages.

(cherry picked from commit 1abf6c0)

* Fix compile on M1 Mac (apache#8999)

Add arm64 to the list of known stack growth directions.

(cherry picked from commit 697da39)

* Add RangeTransform::m_write_vio state checks (apache#8980)

(cherry picked from commit e912ece)

* Update slice to only prefetch when first block is miss/hit-stale (apache#8890)

* Update slice to only prefetch when first block is miss/hit-stale

* Remove extra line spaces & generalize autest output

* Verify cont is valid

* Use xdebug to only prefetch when first block is cacheable with miss/hit-stale status

* Precompile via regex pattern in config

* Remove plugin dependency, add cache status header between slice and crr

* Only enable prefetching from CRR on 206 partial case from origin

* Update header type, fix 206 case for 304 in CRR, allow header to be used for debugging

* update header val type

Co-authored-by: Serris Lew <lserris@apple.com>
(cherry picked from commit f14cce4)

 Conflicts:
	doc/admin-guide/plugins/slice.en.rst

* Setup UA consumer only if ua_entry is not nullptr (apache#8949)

(cherry picked from commit cbe0bea)

* Update roadmap doc with latest releases (apache#8977)

(cherry picked from commit 80a0ff9)

* Report an error if configure can't find zlib (apache#8446)

(cherry picked from commit a100761)

* Add thread safety to PendingAction operations. (apache#8443)

(cherry picked from commit 29a5092)

* Doc: Add proxy.config.cacvhe.mutex_retry_delay (apache#8376)

(cherry picked from commit 3ad1587)

* test_MMH: fix memory leak in unit test (apache#8357)

(cherry picked from commit 0eccef0)

* crash fix (apache#8268)

(cherry picked from commit cd1139b)

* Fix length bug in validate_unmapped_url_path (apache#8080)

(cherry picked from commit ac16a3b)

* Updated ChangeLog

Co-authored-by: Chris McFarlen <chris@mcfarlen.us>
Co-authored-by: Masaori Koshiba <masaori@apache.org>
Co-authored-by: Jeff Elsloo <elsloo@users.noreply.github.com>
Co-authored-by: Brian Neradt <brian.neradt@gmail.com>
Co-authored-by: Damian Meden <damian.meden@gmail.com>
Co-authored-by: Alan M. Carroll <amc@apache.org>
Co-authored-by: Evan Zelkowitz <eze@apache.org>
Co-authored-by: Leif Hedstrom <zwoop@apache.org>
Co-authored-by: Mo Chen <uncorrupt@gmail.com>
Co-authored-by: Serris Lew <serrisnlew@gmail.com>
Co-authored-by: Matt Williams <gh@mattyw.net>
Co-authored-by: Bryan Call <bcall@apache.org>
Co-authored-by: Brian Olsen <bnolsen@gmail.com>
Co-authored-by: Fei Deng <duke8253@gmail.com>
Co-authored-by: bneradt <bneradt@yahooinc.com>
JosiahWI pushed a commit to JosiahWI/trafficserver that referenced this pull request Jul 19, 2023
This reverts commit b2643a3.

Reverting this because we have to do a merge commit and I accidentally
squashed via the Github UI.