This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 64602ea16bb7a03b3325d30a53087935240bd953 Author: JosiahWI <[email protected]> AuthorDate: Mon Jun 17 10:19:51 2024 -0500 Fix use of uninitialized stack memory in records (#11450) Fixes #11449. This passes the length of the value read to the TextView constructor so that only parses the actual content and ignores the uninitialized part of the buffer. (cherry picked from commit 007407e92e71a204d31293ccba9003b538806e3c) --- src/records/RecHttp.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/records/RecHttp.cc b/src/records/RecHttp.cc index af632de729..ae244d3805 100644 --- a/src/records/RecHttp.cc +++ b/src/records/RecHttp.cc @@ -33,6 +33,7 @@ #include "tscore/ink_inet.h" #include "swoc/BufferWriter.h" #include "swoc/bwf_ip.h" +#include <cstring> #include <string_view> #include <unordered_set> @@ -151,7 +152,7 @@ RecHttpLoadIpAddrsFromConfVar(const char *value_name, swoc::IPRangeSet &addrs) if (REC_ERR_OKAY == RecGetRecordString(value_name, value, sizeof(value))) { Debug("config", "RecHttpLoadIpAddrsFromConfVar: parsing the name [%s] and value [%s]", value_name, value); - swoc::TextView text(value); + swoc::TextView text(value, std::strlen(value)); while (text) { auto token = text.take_prefix_at(','); if (swoc::IPRange r; r.load(token)) {
