]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1ae65b)
Correct copying of the url value
authorNeil Horman <nhorman@openssl.org>
Fri, 13 Dec 2024 13:54:49 +0000 (08:54 -0500)
committerNeil Horman <nhorman@openssl.org>
Sat, 11 Jan 2025 21:02:29 +0000 (16:02 -0500)
When setting up the url value we copy data from memory regions that
overlap, it leads to bogus output, correct that.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26180)

demos/http3/ossl-nghttp3-demo-server.c patch | blob | blame | history

diff --git a/demos/http3/ossl-nghttp3-demo-server.c b/demos/http3/ossl-nghttp3-demo-server.c
index dcfd652ca2de2d8a4acf35fa5692539b009eec8a..2541d78d369f327a7bfe02eef2a4a3e6a0966f9e 100644 (file)
--- a/demos/http3/ossl-nghttp3-demo-server.c
+++ b/demos/http3/ossl-nghttp3-demo-server.c
@@ -289,15 +289,15 @@ static int on_recv_header(nghttp3_conn *conn, int64_t stream_id, int32_t token,
     if (token == NGHTTP3_QPACK_TOKEN__PATH) {
         int len = (((vvalue.len) < (MAXURL)) ? (vvalue.len) : (MAXURL));
 
-        memcpy(h3ssl->url, vvalue.base, len);
-        if (h3ssl->url[0] == '/') {
-            if (h3ssl->url[1] == '\0') {
+        memset(h3ssl->url, 0, sizeof(h3ssl->url));
+        if (vvalue.base[0] == '/') {
+            if (vvalue.base[1] == '\0') {
                 strncpy(h3ssl->url, "index.html", MAXURL);
-                h3ssl->url[MAXURL - 1] = '\0';
             } else {
-                memcpy(h3ssl->url, h3ssl->url + 1, len - 1);
-                h3ssl->url[len - 1] = '\0';
+                memcpy(h3ssl->url, &vvalue.base[1], len - 1);
             }
+        } else {
+            memcpy(h3ssl->url, vvalue.base, len);
         }
     }
 
Mirror of https://github.com/openssl/openssl.git