42 lines
1.3 KiB
Diff
42 lines
1.3 KiB
Diff
From 13333db69f9b9710a98c86f44276e01e95420fa0 Mon Sep 17 00:00:00 2001
|
|
From: Evan Hunt <each@isc.org>
|
|
Date: Tue, 16 Aug 2022 16:26:02 -0700
|
|
Subject: [PATCH] compression buffer was not reused correctly
|
|
|
|
when the compression buffer was reused for multiple statistics
|
|
requests, responses could grow beyond the correct size. this was
|
|
because the buffer was not cleared before reuse; compressed data
|
|
was still written to the beginning of the buffer, but then the size
|
|
of used region was increased by the amount written, rather than set
|
|
to the amount written. this caused responses to grow larger and
|
|
larger, potentially reading past the end of the allocated buffer.
|
|
|
|
(cherry picked from commit 47e9fa981e56a7a232f3219fe8a40525c79d748b)
|
|
---
|
|
lib/isc/httpd.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c
|
|
index 6259347..88d8716 100644
|
|
--- a/lib/isc/httpd.c
|
|
+++ b/lib/isc/httpd.c
|
|
@@ -243,6 +243,7 @@ free_buffer(isc_mem_t *mctx, isc_buffer_t *buffer) {
|
|
if (r.length > 0) {
|
|
isc_mem_put(mctx, r.base, r.length);
|
|
}
|
|
+ isc_buffer_initnull(buffer);
|
|
}
|
|
|
|
static void
|
|
@@ -923,6 +924,7 @@ isc_httpd_compress(isc_httpd_t *httpd) {
|
|
if (result != ISC_R_SUCCESS) {
|
|
return result;
|
|
}
|
|
+ isc_buffer_clear(&httpd->compbuffer);
|
|
isc_buffer_region(&httpd->compbuffer, &r);
|
|
|
|
/*
|
|
--
|
|
2.23.0
|
|
|