
@toru
Collaborator

@toru toru commented Jan 10, 2019

Objective

Fix an invalid read in convert_env_to_header_name (middleware.c:140).

==77960== Invalid read of size 1
==77960==    at 0x204630: convert_env_to_header_name (middleware.c:140)
==77960==    by 0x204630: handle_header_env_key (middleware.c:406)
==77960==    by 0x2002B7: h2o_mruby_iterate_header_values (mruby.c:1151)
==77960==    by 0x2056DD: create_subreq (middleware.c:598)
==77960==    by 0x2056DD: middleware_request_method (middleware.c:791)
... snip ...

Cause

We forward the name pointer by KEY_PREFIX_LEN and loop from there to copy byte-by-byte into the newly created h2o_iovec_t. The issue is that len remains the length of the string with the HTTP_ prefix.

Fix

Subtract KEY_PREFIX_LEN from len so that we don't over-iterate. The case of len < KEY_PREFIX_LEN is handled earlier in the function. As a result, Valgrind no longer reports an invalid read.

@toru toru requested review from i110 and kazuho January 10, 2019 23:41
@toru toru added the mruby label Jan 10, 2019
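
A minimal C model of the over-read described in the PR above, added here as an illustration; it is not h2o's code and not part of the PR. The function name `env_to_header_name`, the `adjust_len` switch and the out-of-bounds counter are assumptions made for the example, and the sample key is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_PREFIX "HTTP_"
#define KEY_PREFIX_LEN (sizeof(KEY_PREFIX) - 1)

/* Simplified stand-in for the conversion discussed in the PR (hypothetical
 * name and signature, not h2o's code). `name` holds exactly `len` valid bytes
 * and is not NUL-terminated. adjust_len == 0 keeps the stale, prefixed length
 * (the bug); adjust_len != 0 subtracts the prefix first (the fix). Reads that
 * would land past the buffer are counted in *oob instead of being performed. */
static char *env_to_header_name(const char *name, size_t len, int adjust_len,
                                size_t *out_len, size_t *oob)
{
    size_t total = len, i;
    char *dst, *d;
    *out_len = *oob = 0;
    if (len < KEY_PREFIX_LEN || memcmp(name, KEY_PREFIX, KEY_PREFIX_LEN) != 0)
        return NULL; /* too short or not an HTTP_ key */
    *out_len = len - KEY_PREFIX_LEN;
    if ((dst = d = malloc(*out_len + 1)) == NULL)
        return NULL;
    if (adjust_len)
        len -= KEY_PREFIX_LEN; /* iterate only over the bytes after the prefix */
    for (i = 0; i != len; ++i) {
        size_t src = KEY_PREFIX_LEN + i; /* reading starts after the prefix */
        if (src >= total) {
            ++*oob; /* a plain pointer loop would dereference past the end here */
            continue;
        }
        *d++ = name[src] == '_' ? '-' : (char)tolower((unsigned char)name[src]);
    }
    *d = '\0';
    return dst;
}

int main(void)
{
    const char key[] = {'H', 'T', 'T', 'P', '_', 'X', '_', 'F', 'O', 'O'}; /* constructed sample */
    size_t n, oob;
    char *h = env_to_header_name(key, sizeof(key), 0, &n, &oob);
    printf("stale len: %s, reads past end: %zu\n", h, oob);
    free(h);
    h = env_to_header_name(key, sizeof(key), 1, &n, &oob);
    printf("fixed len: %s, reads past end: %zu\n", h, oob);
    free(h);
}
```

With the stale length the loop runs KEY_PREFIX_LEN iterations too many, which matches the one-byte invalid reads Valgrind reports in the trace above.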
@kazuho
Member

kazuho commented Jan 10, 2019

@toru Nice catch. Please feel free to merge once CI succeeds.

Contributor

@i110 i110 left a comment

👍 thank you for the fix!

@toru toru merged commit 216612e into h2o:master Jan 11, 2019
@toru toru deleted the mruby-fix branch January 11, 2019 00:50