From: Daniel Stenberg Date: Tue, 8 Oct 2024 09:20:40 +0000 (+0200) Subject: hsts: avoid the local buffer and memcpy on lookup X-Git-Tag: curl-8_11_0~210 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60d8663afb0fb7f113604404c50840dfe9320039;p=thirdparty%2Fcurl.git hsts: avoid the local buffer and memcpy on lookup Closes #15190 --- diff --git a/lib/hsts.c b/lib/hsts.c index a5c216f6de..d5e883f51e 100644 --- a/lib/hsts.c +++ b/lib/hsts.c @@ -250,7 +250,6 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, bool subdomain) { if(h) { - char buffer[MAX_HSTS_HOSTLEN + 1]; time_t now = time(NULL); size_t hlen = strlen(hostname); struct Curl_llist_node *e; @@ -258,15 +257,13 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, if((hlen > MAX_HSTS_HOSTLEN) || !hlen) return NULL; - memcpy(buffer, hostname, hlen); if(hostname[hlen-1] == '.') /* remove the trailing dot */ --hlen; - buffer[hlen] = 0; - hostname = buffer; for(e = Curl_llist_head(&h->list); e; e = n) { struct stsentry *sts = Curl_node_elem(e); + size_t ntail; n = Curl_node_next(e); if(sts->expires <= now) { /* remove expired entries */ @@ -274,16 +271,15 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, hsts_free(sts); continue; } - if(subdomain && sts->includeSubDomains) { - size_t ntail = strlen(sts->host); - if(ntail < hlen) { - size_t offs = hlen - ntail; - if((hostname[offs-1] == '.') && - strncasecompare(&hostname[offs], sts->host, ntail)) - return sts; - } + ntail = strlen(sts->host); + if((subdomain && sts->includeSubDomains) && (ntail < hlen)) { + size_t offs = hlen - ntail; + if((hostname[offs-1] == '.') && + strncasecompare(&hostname[offs], sts->host, ntail)) + return sts; } - if(strcasecompare(hostname, sts->host)) + /* avoid strcasecompare because the host name is not null terminated */ + if((hlen == ntail) && strncasecompare(hostname, sts->host, hlen)) return sts; } }