trafficserver-commits mailing list archives

From sor...@apache.org
Subject [7/9] trafficserver git commit: TS-3649 Fix for url_sig plugin security issues (crash by HTTP request, circumvent signature).
Date Tue, 02 Jun 2015 04:08:27 GMT
TS-3649 Fix for url_sig plugin security issues (crash by HTTP request, circumvent signature).

(cherry picked from commit 3f523ea5db49e244f9a09b4752d06031e3f31130)


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/d284c9d1
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/d284c9d1
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/d284c9d1

Branch: refs/heads/5.3.x
Commit: d284c9d1a65cec9a7f69aa92547a87a746eb359d
Parents: 6f0e544
Author: Gancho Tenev <gttenev@gmail.com>
Authored: Mon Jun 1 10:17:40 2015 -0700
Committer: Phil Sorber <sorber@apache.org>
Committed: Mon Jun 1 21:52:53 2015 -0600

----------------------------------------------------------------------
 plugins/experimental/url_sig/url_sig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d284c9d1/plugins/experimental/url_sig/url_sig.c
----------------------------------------------------------------------
diff --git a/plugins/experimental/url_sig/url_sig.c b/plugins/experimental/url_sig/url_sig.c
index 056e789..9ca273c 100644
--- a/plugins/experimental/url_sig/url_sig.c
+++ b/plugins/experimental/url_sig/url_sig.c
@@ -328,7 +328,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
   if (p != NULL) {
     p += strlen(KIN_QSTRING) + 1;
     keyindex = atoi(p);
-    if (keyindex == -1) {
+    if (keyindex < 0 || keyindex >= MAX_KEY_NUM || 0 == cfg->keys[keyindex][0])
{
       err_log(url, "Invalid key index.");
       goto deny;
     }
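Review bot: The `keyindex = atoi(p);` context line just above the new bounds check still cannot tell a literal 0 from unparseable input, because atoi returns 0 when no digits are present. A non-numeric or empty value after KIN_QSTRING therefore passes the new check as index 0 whenever key 0 is configured. Consider parsing with strtol, denying the request when the end pointer has not advanced or the value does not fit in an int, and only then applying the `keyindex < 0 || keyindex >= MAX_KEY_NUM` test. The order of the new condition is correct and should stay that way: the range tests have to come before `cfg->keys[keyindex][0]` so the array is never read with an unchecked index. A one-line comment saying so would protect it from being reordered later.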

