Skip to content

Fix a buffer overrun in arc_eoh() #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix a buffer overrun in arc_eoh() #117

wants to merge 1 commit into from

Conversation

@flowerysong
Copy link
Contributor

@flowerysong flowerysong commented Dec 11, 2018

strncpy(hnbuf, h->hdr_text, h->hdr_namelen) assumes that hdr_namelen will never be longer than ARC_MAXHEADER, but that assumption wasn't enforced anywhere. Enforcing the maximum field name length in arc_parse_header_field() seems reasonable, and prevents malformed headers from overrunning this buffer.

@flowerysong
Fix a buffer overrun in arc_eoh()
559142d 
`strncpy(hnbuf, h->hdr_text, h->hdr_namelen)` assumes that hdr_namelen
will never be longer than ARC_MAXHEADER, but that assumption wasn't
enforced anywhere. Enforcing the maximum header name length in
arc_parse_header_field() seems reasonable, and prevents malformed
headers from overrunning this buffer.
@futatuki
Copy link

futatuki commented Sep 14, 2024

According to RFC 5322 section 2.1.1. each line of characters MUST be no more than 998 characters, and from the description about field name section 2.2. filed names cannot be folded.

So we can use lesser limit value than ARC_MAXHEADER for the restriction arc_parse_header_field() for enforcing RFC5322 section 2.1.1. (and can reduce the size of buffers for header field name, if we need to do so).

futatuki added a commit to futatuki/OpenARC that referenced this pull request Sep 16, 2024
@futatuki
Merge pull request trusteddomainproject#117 from flowerysong/arc_maxh…
cdd07fa 
…eader

`strncpy(hnbuf, h->hdr_text, h->hdr_namelen)` assumes that hdr_namelen
will never be longer than ARC_MAXHEADER, but that assumption wasn't
enforced anywhere. Enforcing the maximum header name length in
arc_parse_header_field() seems reasonable, and prevents malformed
headers from overrunning this buffer.

trusteddomainproject#117
futatuki added a commit to futatuki/OpenARC that referenced this pull request Sep 18, 2024
@futatuki
Merge pull request trusteddomainproject#117 from flowerysong/arc_maxh…
d1047e9 
…eader

`strncpy(hnbuf, h->hdr_text, h->hdr_namelen)` assumes that hdr_namelen
will never be longer than ARC_MAXHEADER, but that assumption wasn't
enforced anywhere. Enforcing the maximum header name length in
arc_parse_header_field() seems reasonable, and prevents malformed
headers from overrunning this buffer.

trusteddomainproject#117
@futatuki futatuki mentioned this pull request Sep 18, 2024
Open
@flowerysong flowerysong deleted the arc_maxheader branch October 16, 2024 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@flowerysong @futatuki