Skip to content

Fix heap buffer overflow#215

Merged
etr merged 2 commits intomasterfrom
fix_heap_buffer_overflow
Dec 11, 2020
Merged

Fix heap buffer overflow#215
etr merged 2 commits intomasterfrom
fix_heap_buffer_overflow

Conversation

@etr
Copy link
Copy Markdown
Owner

@etr etr commented Dec 11, 2020

Identify the Bug

Unescaping URLs fails causing a full abort of the server. This happens when URLs have incomplete patterns resembling escape sequences as it assumes the sequence to be complete.

Description of the Change

Make the library immune from such error by checking the length of the string in input when unescaping.

Alternate Designs

We could flip the escape/unescape logic (thus only running this once at endpoint registration). This alternative design would have performance benefits but it is out of the purpose of this change and will require more work. Given the urgency, the current solution is the best option (as it doesn't degrade performance and fixes the issue).

Possible Drawbacks

None

Verification Process

Unit tests + travis runs.

Release Notes

Fixed heap buffer overflow when unescaping URLs containing partial escape sequences.

@etr etr added the bug Confirmed bugs or reports that are very likely to be bugs. label Dec 11, 2020
@etr etr self-assigned this Dec 11, 2020
@etr etr merged commit ec973dc into master Dec 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@etr etr

Labels

bug Confirmed bugs or reports that are very likely to be bugs.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@etr