jvanderzee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 007407e92e Fix use of uninitialized stack memory in records (#11450)
007407e92e is described below
commit 007407e92e71a204d31293ccba9003b538806e3c
Author: JosiahWI <[email protected]>
AuthorDate: Mon Jun 17 10:19:51 2024 -0500
Fix use of uninitialized stack memory in records (#11450)
Fixes #11449.
This passes the length of the value read to the TextView constructor so that
it parses only the actual content and ignores the uninitialized part of the
buffer.
---
src/records/RecHttp.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/records/RecHttp.cc b/src/records/RecHttp.cc
index 15a0573a44..48d6f87ae1 100644
--- a/src/records/RecHttp.cc
+++ b/src/records/RecHttp.cc
@@ -33,6 +33,7 @@
#include "tscore/ink_inet.h"
#include "swoc/BufferWriter.h"
#include "swoc/bwf_ip.h"
+#include <cstring>
#include <string_view>
#include <unordered_set>
@@ -150,7 +151,7 @@ RecHttpLoadIpAddrsFromConfVar(const char *value_name,
swoc::IPRangeSet &addrs)
if (REC_ERR_OKAY == RecGetRecordString(value_name, value, sizeof(value))) {
Debug("config", "RecHttpLoadIpAddrsFromConfVar: parsing the name [%s] and
value [%s]", value_name, value);
- swoc::TextView text(value);
+ swoc::TextView text(value, std::strlen(value));
while (text) {
auto token = text.take_prefix_at(',');
if (swoc::IPRange r; r.load(token)) {
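Review bot: The new `std::strlen(value)` on the `swoc::TextView text(...)` line stays inside the buffer only if `RecGetRecordString` always NUL-terminates `value` within `sizeof(value)`, which this hunk does not show; the `%s` in the `Debug` call above relies on the same assumption. If termination on truncation is not guaranteed, bounding the scan keeps the read inside the array: `swoc::TextView text(value, strnlen(value, sizeof(value)));`. The line also deserves a comment so the explicit length is not later simplified away, e.g. `// Explicit length: constructing from the array itself would span the whole buffer, not just the string that was read.` The function body starts before and continues past this hunk, so the declaration of `value` is not visible here.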