[squid-dev] [PATCH] ext_edirectory_userip_acl refactoring
Amos Jeffries
squid3 at treenet.co.nz
Wed May 9 11:05:08 UTC 2018
Proposed changes to this helper to fix strcat / strncat buffer overread
/ overflow issues.
The approach takes three parts:
* adds a makeHexString function to replace many for-loops catenating
bits of strings together with hex conversion into a second buffer.
Replacing with a snprintf() and buffer overflow handling.
* a copy of Ip::Address::lookupHostIp to convert the input string into
IP address binary format, then generate the hex string using the above
new hex function instead of looped sub-string concatenations across
several buffers.
This removes all the "00" and "0000" strncat() calls and allows far
simpler code even with added buffer overflow handling.
* replace multiple string part concatenations with a few simpler calls
to snprintf() for all the search_ip buffer constructions. Adding buffer
overflow handling as needed for the new calls.
Amos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eDirectory_gcc8_mk2.patch
Type: text/x-patch
Size: 19953 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20180509/0e2de4f4/attachment.bin>
More information about the squid-dev
mailing list