Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tools/http_load: Possible OOB snprintf #11839

Open
nnewram opened this issue Nov 1, 2024 · 0 comments
Open

tools/http_load: Possible OOB snprintf #11839

nnewram opened this issue Nov 1, 2024 · 0 comments
Assignees
@bryancall
Labels
Bug Tools
Milestone
10.1.0

Comments

@nnewram
Copy link

nnewram commented Nov 1, 2024

snprintf returns number possibly written, not actually written.
Second iteration for cookies / extra header, this can cause oob if sufficiently long.

trafficserver/tools/http_load/http_load.c

Line 654 in 8671ddb

hdr_bytes += snprintf(&hdr_buf[hdr_bytes], sizeof(hdr_buf) - hdr_bytes, "Cookie: %s\r\n", cookie);

input supplied as cli argv so probably low-priority but thought i'd file an issue anyway (notice that this occurs on multiple places in this function).
@JosiahWI JosiahWI added the Bug label Nov 4, 2024
@JosiahWI JosiahWI added this to the 10.1.0 milestone Nov 4, 2024
@bryancall bryancall self-assigned this Nov 4, 2024
@JosiahWI JosiahWI added the Tools label Nov 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bryancall bryancall

Labels
Bug Tools
Projects
None yet
Milestone
10.1.0
Development

No branches or pull requests
3 participants
@bryancall @nnewram @JosiahWI