(possible?) bugfix for squid-3.0

From: <garana@dont-contact.us>
Date: Fri, 12 Mar 2004 11:47:29 -0300

Hi,

The patch attached fixes a possible bug:
in pconn.cc:314 there is a call to strncpy, but xstrncpy should be used, since strcmp is used for key comparison (pconn.cc:231).

pconnKey:
snprintf(buf, SQUIDHOSTNAMELEN * 2 + 10, ....);

pconnPop:
strncpy(key, pconnKey(host, port, domain), SQUIDHOSTNAMELEN + 10);

so, there is a chance that 'key' isn't actually zero terminated, which is a problem since strcmp is used in key comparison.

There are other strncpy calls that seem dangerous:
src/neighbors.cc:904
src/tools.cc:1221
I haven't come across a bug in these calls yet, though.

This could explain some of the memory corruption (in really long hostname lengths).

Hope this helps,

-- 
Gonzalo Arana
Ingenieria
UOLSinectis
Florida 537 Piso 6, Buenos Aires, Argentina 
+54-11-4321-9110 ext 2543
http://www.uolsinectis.com.ar/

Received on Fri Mar 12 2004 - 07:47:41 MST
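
The failure mode described in the message above, as an added example that is not part of the original post and is not Squid's code: a key formatted into a larger buffer is copied into a smaller one, first with strncpy and then with a copy that always terminates. HOSTLEN, make_key, copy_terminated and key_copy_is_terminated are hypothetical names, and the host and domain strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define HOSTLEN 16                      /* constructed stand-in for SQUIDHOSTNAMELEN */
#define KEY_SRC_LEN (HOSTLEN * 2 + 10)  /* size the key is formatted into */
#define KEY_DST_LEN (HOSTLEN + 10)      /* size the key is copied into */

/* Hypothetical key builder, formatting "host:port/domain" into the larger buffer. */
static const char *make_key(const char *host, int port, const char *domain)
{
    static char buf[KEY_SRC_LEN];
    snprintf(buf, sizeof buf, "%s:%d/%s", host, port, domain);
    return buf;
}

/* Hypothetical terminating copy: at most n-1 bytes, then always a NUL. */
static char *copy_terminated(char *dst, const char *src, size_t n)
{
    char *r = dst;
    if (n == 0) return r;
    while (--n != 0 && *src != '\0')
        *dst++ = *src++;
    *dst = '\0';
    return r;
}

/* Copies a key into the smaller buffer; returns 1 if a NUL lies inside it. */
static int key_copy_is_terminated(const char *host, const char *domain, int use_strncpy)
{
    char key[KEY_DST_LEN];
    const char *src = make_key(host, 3128, domain);
    memset(key, 'X', sizeof key);       /* stands in for stale stack contents */
    if (use_strncpy)
        strncpy(key, src, sizeof key);  /* no NUL written when src fills the buffer */
    else
        copy_terminated(key, src, sizeof key);
    return memchr(key, '\0', sizeof key) != NULL;
}

int main(void)
{
    const char *longhost = "a-very-long-host.example";  /* constructed, 24 chars */
    printf("short key, strncpy:         %d\n", key_copy_is_terminated("h.example", "d", 1));
    printf("long key, strncpy:          %d\n", key_copy_is_terminated(longhost, "dom.example", 1));
    printf("long key, terminating copy: %d\n", key_copy_is_terminated(longhost, "dom.example", 0));
    return 0;
}
```

A result of 0 means strcmp on that key would read past the end of the buffer until it happens to find a zero byte.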
