Skip to content

http2: avoid strstr() on data not zero terminated#2513

Closed
bagder wants to merge 1 commit intomasterfrom
bagder/http2-avoid-strstr-on-data
Closed

http2: avoid strstr() on data not zero terminated#2513
bagder wants to merge 1 commit intomasterfrom
bagder/http2-avoid-strstr-on-data

Conversation

@bagder
Copy link
Member

@bagder bagder commented Apr 20, 2018

It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.

Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760

@bagder
http2: avoid strstr() on data not zero terminated
d0aa97e 
It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.

Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760
@bagder bagder added the HTTP/2 label Apr 20, 2018
@bagder bagder closed this in 1514c44 Apr 20, 2018
@bagder bagder deleted the bagder/http2-avoid-strstr-on-data branch April 20, 2018 20:17
@lock lock bot locked as resolved and limited conversation to collaborators Jul 19, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

HTTP/2

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bagder