* String the url fragment for outgoing requests (#7966)
Co-authored-by: Susan Hinrichs <shinrich@verizonmedia.com>
(cherry picked from commit
2b13eb33794574e62249997b4ba654d943a10f2d)
* Ensure that the content-length value is only digits (#7964)
Co-authored-by: Susan Hinrichs <shinrich@verizonmedia.com>
(cherry picked from commit
668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca)
* Schedule H2 reenable event only if it's necessary
Co-authored-by: Katsutoshi Ikenoya <kikenoya@yahoo-corp.jp>
* Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945)
* Fix dynamic-stack-buffer-overflow of cachekey plugin
* Check dst_size include null termination
(cherry picked from commit
5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b)
Co-authored-by: Bryan Call <bcall@apache.org>
Co-authored-by: Masakazu Kitajo <maskit@apache.org>
Co-authored-by: Katsutoshi Ikenoya <kikenoya@yahoo-corp.jp>
Co-authored-by: Masaori Koshiba <masaori@apache.org>
Gbp-Pq: Name 0019-CVE-2021-35474_32567_32566_32565_27577.patch
return;
}
- char tmp[len * 2];
+ char tmp[len * 3 + 1];
size_t written;
/* The default table does not encode the comma, so we need to use our own table here. */
int content_length_len = 0;
const char *content_length_val = content_length_field->value_get(&content_length_len);
+ // RFC 7230 section 3.3.2
+ // Content-Length = 1*DIGIT
+ //
+ // If the content-length value contains a non-numeric value, the header is invalid
+ for (int i = 0; i < content_length_len; i++) {
+ if (!isdigit(content_length_val[i])) {
+ Debug("http", "Content-Length value contains non-digit, returning parse error");
+ return PARSE_RESULT_ERROR;
+ }
+ }
+
while (content_length_field->has_dups()) {
int content_length_len_2 = 0;
const char *content_length_val_2 = content_length_field->m_next_dup->value_get(&content_length_len_2);
// HttpTransactHeaders::convert_request(outgoing_version, outgoing_request); // commented out this idea
+ URL *url = outgoing_request->url_get();
+ // Remove fragment from upstream URL
+ url->fragment_set(NULL, 0);
+
// Check whether a Host header field is missing from a 1.0 or 1.1 request.
if (outgoing_version != HTTPVersion(0, 9) && !outgoing_request->presence(MIME_PRESENCE_HOST)) {
- URL *url = outgoing_request->url_get();
int host_len;
const char *host = url->host_get(&host_len);
bool
Http2ClientSession::_should_do_something_else()
{
- // Do something else every 128 incoming frames
- return (this->_n_frame_read & 0x7F) == 0;
+ // Do something else every 128 incoming frames if connection state isn't closed
+ return (this->_n_frame_read & 0x7F) == 0 && !connection_state.is_state_closed();
}
int64_t
//
size_t out_len = len_in + 2 * count;
- if (dst && out_len > dst_size) {
+ if (dst && (out_len + 1) > dst_size) {
*len_out = 0;
return nullptr;
}
projects / trafficserver.git / commitdiff