mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

compression buffer was not reused correctly

Browse Source 
when the compression buffer was reused for multiple statistics
requests, responses could grow beyond the correct size. this was
because the buffer was not cleared before reuse; compressed data
was still written to the beginning of the buffer, but then the size
of used region was increased by the amount written, rather than set
to the amount written. this caused responses to grow larger and
larger, potentially reading past the end of the allocated buffer.
This commit is contained in:
Evan Hunt
2022-08-16 16:26:02 -07:00
committed by Michał Kępień
parent 2cffc5b849
commit 47e9fa981e
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/isc/httpd.c
View File

@@ -202,6 +202,8 @@ free_buffer(isc_mem_t *mctx, isc_buffer_t *buffer) {
if (r.base != NULL) {
isc_mem_put(mctx, r.base, r.length);
}
isc_buffer_initnull(buffer);
}
isc_result_t
@@ -864,6 +866,7 @@ httpd_compress(isc_httpd_t *httpd) {
inputlen = isc_buffer_usedlength(&httpd->bodybuffer);
alloc_compspace(httpd, inputlen);
isc_buffer_clear(&httpd->compbuffer);
isc_buffer_region(&httpd->compbuffer, &r);
/*