hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix out of bounds read in avro_client_process_command

Browse Source 
When the last transaction was queried, it caused an out of bounds read
when strstr was used on the raw data of a GWBUF.
This commit is contained in:
Markus Makela
2016-09-29 15:28:57 +03:00
parent dcf55d4099
commit 4658a28965
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/modules/routing/avro/avro_client.c
View File

@ -448,7 +448,10 @@ avro_client_process_command(AVRO_INSTANCE *router, AVRO_CLIENT *client, GWBUF *q
const char req_last_gtid[] = "QUERY-LAST-TRANSACTION"; const char req_last_gtid[] = "QUERY-LAST-TRANSACTION";
const char req_gtid[] = "QUERY-TRANSACTION"; const char req_gtid[] = "QUERY-TRANSACTION";
const size_t req_data_len = sizeof(req_data) - 1; const size_t req_data_len = sizeof(req_data) - 1;
uint8_t *data = GWBUF_DATA(queue); size_t buflen = gwbuf_length(queue);
uint8_t data[buflen + 1];
gwbuf_copy_data(queue, 0, buflen, data);
data[buflen] = '\0';
char *command_ptr = strstr((char *)data, req_data); char *command_ptr = strstr((char *)data, req_data);
if (command_ptr != NULL) if (command_ptr != NULL)