rgw: civetweb don't go past the array index while calling mg_start

currently we set the array size as the members in conf_map minus the members in rgw_opts, however all of the options inside rgw_opts like `prefix` do not feature in the conf_map hence the array is bigger than the expected size, and causes undefined behaviour depending on the compiler flags used. Fixes: http://tracker.ceph.com/issues/19749 Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
ceph · Apr 24, 2017 · 14beda1 · 14beda1
1 parent 9ca080d
commit 14beda1
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/src/rgw/rgw_civetweb_frontend.cc b/src/rgw/rgw_civetweb_frontend.cc
@@ -4,8 +4,6 @@
 #include <set>
 #include <string>
 
-#include <boost/utility/string_ref.hpp>
-
 #include "rgw_frontend.h"
 #include "rgw_client_io_filters.h"
 
@@ -65,8 +63,13 @@ int RGWCivetWebFrontend::run()
   }
 
   /* Prepare options for CivetWeb. */
-  const std::set<boost::string_ref> rgw_opts = { "port", "prefix" };
-  const size_t CW_NUM_OPTS = 2 * (conf_map.size() - rgw_opts.size()) + 1;
+  const std::set<string> rgw_opts = { "port", "prefix" };
+  size_t rgw_opt_num = 0;
+  for (const auto& opt: rgw_opts){
+    if (conf_map.find(opt) != conf_map.end())
+      rgw_opt_num++;
+  }
+  const size_t CW_NUM_OPTS = 2 * (conf_map.size() - rgw_opt_num) + 1;
   const char *options[CW_NUM_OPTS];
   size_t i = 0;
 
@@ -83,8 +86,8 @@ int RGWCivetWebFrontend::run()
       i += 2;
     }
   }
-  options[i] = nullptr;
 
+  options[i] = nullptr;
   /* Initialize the CivetWeb right now. */
   struct mg_callbacks cb;
   memset((void *)&cb, 0, sizeof(cb));