From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Wed, 5 Oct 2016 04:24:28 +0000 (-0600)
Subject: Fixed "Invalid read of size 1" bug in non-standard HTTP header search.
X-Git-Tag: SQUID_4_0_15~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=869cfa1f882a2a582d970fe9908903d1bccb3137;p=thirdparty%2Fsquid.git

Fixed "Invalid read of size 1" bug in non-standard HTTP header search.

Valgrind error report:
Invalid read of size 1
   at strcasecmp
   by String::caseCmp(char const*) const
   by HttpHeader::getByNameIfPresent(char const*, int, String&)
   by HttpHeader::getByNameIfPresent(SBuf const&, String&)
   by HttpHeader::getByName(SBuf const&) const
   by assembleVaryKey(String&, SBuf&, HttpRequest const&)
   ...

The bug is probably not specific to Vary assembly and may have been
present since r14285 (gperf perfect hash refactoring).
---

diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index 0197509c23..e1ebf4bb08 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -882,7 +882,7 @@ HttpHeader::getByNameIfPresent(const char *name, int namelen, String &result) co
     /* Sorry, an unknown header name. Do linear search */
     bool found = false;
     while ((e = getEntry(&pos))) {
-        if (e->id == Http::HdrType::OTHER && e->name.caseCmp(name) == 0) {
+        if (e->id == Http::HdrType::OTHER && e->name.caseCmp(name, namelen) == 0) {
             found = true;
             strListAdd(&result, e->value.termedBuf(), ',');
         }