[jira] [Updated] (TS-3353) traffic_via memory bug.
[ https://issues.apache.org/jira/browse/TS-3353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bin updated TS-3353: Attachment: traffic_via_memory_overwrite_bug.diff This is a patch that should fix the bug. > traffic_via memory bug. > --- > > Key: TS-3353 > URL: https://issues.apache.org/jira/browse/TS-3353 > Project: Traffic Server > Issue Type: Bug >Reporter: Bin > Attachments: traffic_via_memory_overwrite_bug.diff > > > A memory overwriting bug was found in traffic_via which can potentially lead > to remote code execution. In function decodeViaHeader in file traffic_via.cc, > a call to strcat can potentially overwrite outside the bounds on the heap. > For example, if the via header string is "abcde", the strcat concatenates a > byte to the end and can corrupt the adjacent byte. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (TS-3353) traffic_via memory bug.
[ https://issues.apache.org/jira/browse/TS-3353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bin updated TS-3353: Attachment: traffic_via_memory_overwrite_bug_1.diff > traffic_via memory bug. > --- > > Key: TS-3353 > URL: https://issues.apache.org/jira/browse/TS-3353 > Project: Traffic Server > Issue Type: Bug >Reporter: Bin > Attachments: traffic_via_memory_overwrite_bug.diff, > traffic_via_memory_overwrite_bug_1.diff > > > A memory overwriting bug was found in traffic_via which can potentially lead > to remote code execution. In function decodeViaHeader in file traffic_via.cc, > a call to strcat can potentially overwrite outside the bounds on the heap. > For example, if the via header string is "abcde", the strcat concatenates a > byte to the end and can corrupt the adjacent byte. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (TS-3353) traffic_via memory bug.
[ https://issues.apache.org/jira/browse/TS-3353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bin updated TS-3353: Attachment: (was: traffic_via_memory_overwrite_bug_1.diff) > traffic_via memory bug. > --- > > Key: TS-3353 > URL: https://issues.apache.org/jira/browse/TS-3353 > Project: Traffic Server > Issue Type: Bug >Reporter: Bin > > A memory overwriting bug was found in traffic_via which can potentially lead > to remote code execution. In function decodeViaHeader in file traffic_via.cc, > a call to strcat can potentially overwrite outside the bounds on the heap. > For example, if the via header string is "abcde", the strcat concatenates a > byte to the end and can corrupt the adjacent byte. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (TS-3353) traffic_via memory bug.
[ https://issues.apache.org/jira/browse/TS-3353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bin updated TS-3353: Attachment: (was: traffic_via_memory_overwrite_bug.diff) > traffic_via memory bug. > --- > > Key: TS-3353 > URL: https://issues.apache.org/jira/browse/TS-3353 > Project: Traffic Server > Issue Type: Bug >Reporter: Bin > > A memory overwriting bug was found in traffic_via which can potentially lead > to remote code execution. In function decodeViaHeader in file traffic_via.cc, > a call to strcat can potentially overwrite outside the bounds on the heap. > For example, if the via header string is "abcde", the strcat concatenates a > byte to the end and can corrupt the adjacent byte. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (TS-3353) traffic_via memory bug.
[ https://issues.apache.org/jira/browse/TS-3353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bin updated TS-3353: Attachment: traffic_via_memory_overwrite_bug.diff > traffic_via memory bug. > --- > > Key: TS-3353 > URL: https://issues.apache.org/jira/browse/TS-3353 > Project: Traffic Server > Issue Type: Bug >Reporter: Bin > Attachments: traffic_via_memory_overwrite_bug.diff > > > A memory overwriting bug was found in traffic_via which can potentially lead > to remote code execution. In function decodeViaHeader in file traffic_via.cc, > a call to strcat can potentially overwrite outside the bounds on the heap. > For example, if the via header string is "abcde", the strcat concatenates a > byte to the end and can corrupt the adjacent byte. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
