maage: fix: use memchr to scan ngx_string #11

maage · 2017-01-30T18:56:50Z

Field is not \0 terminated.

==13043==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000074100 at pc 0x563ba79d56c9 bp 0x7ffec6e4cf70 sp 0x7ffec6e4c720
READ of size 4097 at 0x621000074100 thread T0

==13043==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000074100 at pc 0x563ba79d56c9 bp 0x7ffec6e4cf70 sp 0x7ffec6e4c720 READ of size 4097 at 0x621000074100 thread T0

zhuizhuhaomeng · 2022-01-09T15:18:59Z

src/ngx_http_eval_module.c

@@ -514,7 +514,8 @@ ngx_http_eval_parse_param(ngx_http_request_t *r, ngx_http_eval_ctx_t *ctx,
    ngx_str_t                  name;
    ngx_str_t                  value;

-    p = (u_char *) ngx_strchr(param->data, '=');
+    /* param->data is not \0 terminated */
+    p = (u_char *) memchr(param->data, '=', param->len);


Suggested change

p = (u_char *) memchr(param->data, '=', param->len);

p = (u_char *) ngx_strlchr(param->data, param->data + param->len, '=');

maage: fix: use memchr to scan ngx_string

e7b0217

==13043==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000074100 at pc 0x563ba79d56c9 bp 0x7ffec6e4cf70 sp 0x7ffec6e4c720 READ of size 4097 at 0x621000074100 thread T0

zhuizhuhaomeng requested changes Jan 9, 2022

View reviewed changes

zhuizhuhaomeng merged commit f68f073 into openresty:master Aug 12, 2023
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

maage: fix: use memchr to scan ngx_string #11

maage: fix: use memchr to scan ngx_string #11

maage commented Jan 30, 2017

zhuizhuhaomeng Jan 9, 2022

	p = (u_char *) memchr(param->data, '=', param->len);
	p = (u_char *) ngx_strlchr(param->data, param->data + param->len, '=');

maage: fix: use memchr to scan ngx_string #11

maage: fix: use memchr to scan ngx_string #11

Conversation

maage commented Jan 30, 2017

zhuizhuhaomeng Jan 9, 2022

Choose a reason for hiding this comment