From: Willy Tarreau Date: Fri, 7 Apr 2023 15:49:37 +0000 (+0200) Subject: CLEANUP: ocsp: do no use strpcy() to copy a path! X-Git-Tag: v2.8-dev7~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6d4c0c2ca247eb9e1e0317a080b577661d24a583;p=thirdparty%2Fhaproxy.git CLEANUP: ocsp: do no use strpcy() to copy a path! strcpy() is quite nasty but tolerable to copy constants, but here it copies a variable path into a node in a code path that's not trivial to follow given that it takes the node as the result of a tree lookup. Let's get rid of it and mention where the entry is retrieved. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index ee6183a655..abbcfa6af2 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1119,7 +1119,7 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_data * #endif struct buffer *ocsp_uri = get_trash_chunk(); char *err = NULL; - + size_t path_len; x = data->cert; if (!x) @@ -1164,7 +1164,8 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_data * if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH)) goto out; - ocsp = calloc(1, sizeof(*ocsp)+strlen(path)+1); + path_len = strlen(path); + ocsp = calloc(1, sizeof(*ocsp) + path_len + 1); if (!ocsp) goto out; @@ -1265,7 +1266,13 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_data * goto out; } - strcpy(iocsp->path, path); + /* Note: if we arrive here, ocsp==NULL because iocsp==ocsp + * after the ebmb_insert(), which indicates that we've + * just inserted this new node and that it's the one for + * which we previously allocated enough room for path_len+1 + * chars. + */ + memcpy(iocsp->path, path, path_len + 1); if (data->ocsp_update_mode == SSL_SOCK_OCSP_UPDATE_ON) { ssl_ocsp_update_insert(iocsp);