technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Ruby: Prevent a possible integer underflow

Browse Source 
Coverity picked up a potential issue with the previous commit d9f5f1fb7
("Ruby: Handle response field arrays") in that a size_t could wrap
around to SIZE_MAX - 1.

This would happen if we were given an empty array of header values.

Fixes: d9f5f1fb7 ("Ruby: Handle response field arrays")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
This commit is contained in:
Andrew Clayton
2023-12-13 02:04:38 +00:00
parent d9f5f1fb74
commit 88854cf146
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/ruby/nxt_ruby.c
View File

@@ -914,8 +914,12 @@ nxt_ruby_hash_info(VALUE r_key, VALUE r_value, VALUE arg)
len += RSTRING_LEN(item) + 2; /* +2 for '; ' */ len += RSTRING_LEN(item) + 2; /* +2 for '; ' */
} }
if (arr_len > 0) {
len -= 2;
}
headers_info->fields++; headers_info->fields++;
headers_info->size += RSTRING_LEN(r_key) + len - 2; headers_info->size += RSTRING_LEN(r_key) + len;
return ST_CONTINUE; return ST_CONTINUE;
} }
@@ -994,7 +998,9 @@ nxt_ruby_hash_add(VALUE r_key, VALUE r_value, VALUE arg)
p = nxt_cpymem(p, "; ", 2); p = nxt_cpymem(p, "; ", 2);
} }
if (arr_len > 0) {
len -= 2; len -= 2;
}
*rc = nxt_unit_response_add_field(headers_info->req, *rc = nxt_unit_response_add_field(headers_info->req,
RSTRING_PTR(r_key), key_len, RSTRING_PTR(r_key), key_len,