[
https://issues.apache.org/jira/browse/TS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14308842#comment-14308842
]
ASF subversion and git services commented on TS-3305:
-----------------------------------------------------
Commit 24f1e55c021e134b74a3caf78dd6e588534e4e5a in trafficserver's branch
refs/heads/master from [~snnn]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=24f1e55 ]
TS-3305: fix minor bugs in ats lua plugin
> minor bugs in ats lua plugin
> ----------------------------
>
> Key: TS-3305
> URL: https://issues.apache.org/jira/browse/TS-3305
> Project: Traffic Server
> Issue Type: Bug
> Components: Lua, Plugins
> Reporter: Kit Chan
> Assignee: Kit Chan
> Labels: review
> Fix For: 5.3.0
>
> Attachments: TS-3305.patch
>
>
> a minor bugs in ATS lua plugin,
> In plugins/experimental/ts_lua/ts_lua.c line 89:
> if (fn) {
> sprintf(conf->script, "%s", argv[2]);
> } else {
> conf->content = argv[2];
> }
> line: 358
> sprintf(conf->script, "%s", argv[1]);
> "sprintf" is extremely dangerous and deprecated ,should be replaced with
> "snprintf".
> And it would be better ( less confused ) if a '\0' is always added to the
> buffer after strncpy:
> e.g:
> if (argc < 3) {
> strncpy(errbuf, "[TSRemapNewInstance] - lua script file or string is
> required !!", errbuf_size - 1);
> return TS_ERROR;
> }
> Should be:
> if (argc < 3) {
> strncpy(errbuf, "[TSRemapNewInstance] - lua script file or string is
> required !!", errbuf_size - 1);
> errbuf[errbuf_size - 1] = '\0';
> return TS_ERROR;
> }
> Because strncpy doesn't guarantee null-termination. Now it works just because
> errbuf is large enough(2048 bytes)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
