Skip to content

V
varnish-cache
Switch branch/tag
History Find file
  • Alf-André Walla's avatar
    Add bounds-checking to vct_iscrlf and vct_skipcrlf · 177e17c8
    Alf-André Walla authored 
    The macros vct_iscrlf() and vct_skipcrlf() may look at one or two bytes
after its pointer value, causing OOB reads. This would allow
http1_dissect_hdrs to wrongly see a CRLF when one wasn't there (the last
LF left over in the bufer from the previous request).

Change the macros to inline functions, and harden them by always sending
the end pointer so that they can't overflow.

vct_iscrlf() will return an int value of 0 for no [CR]LF, 1 for LF and 2
for CRLF.

vct_skipcrlf() will return the pointer having been skipped 0, 1 or 2
bytes.
    177e17c8
Name
Last commit
 Last update
.github Loading commit data...
bin Loading commit data...
doc Loading commit data...
etc Loading commit data...
include Loading commit data...
lib Loading commit data...
m4 Loading commit data...
man Loading commit data...
tools Loading commit data...
.dir-locals.el Loading commit data...
.gitignore Loading commit data...
.syntastic_c_config Loading commit data...
.travis.yml Loading commit data...
CONTRIBUTING Loading commit data...
ChangeLog Loading commit data...
INSTALL Loading commit data...
LICENSE Loading commit data...
Makefile.am Loading commit data...
README.Packaging Loading commit data...
README.rst Loading commit data...
autogen.des Loading commit data...
autogen.sh Loading commit data...
configure.ac Loading commit data...
flint.lnt Loading commit data...
varnish-legacy.m4 Loading commit data...
varnish.m4 Loading commit data...
varnishapi-uninstalled.pc.in Loading commit data...
varnishapi.pc.in Loading commit data...