From 02b17dbe3cff71ffd31577d872e077531124d207 Mon Sep 17 00:00:00 2001 From: Masaori Koshiba Date: Fri, 29 Oct 2021 09:34:12 +0900 Subject: [PATCH] Check length before search accept-encoding header (#8475) --- plugins/stats_over_http/stats_over_http.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/plugins/stats_over_http/stats_over_http.c b/plugins/stats_over_http/stats_over_http.c index b78575d5cf5..bb75fe791b5 100644 --- a/plugins/stats_over_http/stats_over_http.c +++ b/plugins/stats_over_http/stats_over_http.c @@ -61,6 +61,10 @@ /* global holding the path used for access to this JSON data */ #define DEFAULT_URL_PATH "_stats" +// TODO: replace with TS_HTTP_* when BROTLI is supported +#define HTTP_VALUE_BR "BR" +#define HTTP_LEN_BR 2 + // from mod_deflate: // ZLIB's compression algorithm uses a // 0-9 based scale that GZIP does where '1' is 'Best speed' @@ -618,15 +622,15 @@ stats_origin(TSCont contp ATS_UNUSED, TSEvent event ATS_UNUSED, void *edata) if (accept_encoding_field != TS_NULL_MLOC) { int len = -1; const char *str = TSMimeHdrFieldValueStringGet(reqp, hdr_loc, accept_encoding_field, -1, &len); - if (strstr(str, "deflate") != NULL) { + if (len >= TS_HTTP_LEN_DEFLATE && strstr(str, TS_HTTP_VALUE_DEFLATE) != NULL) { TSDebug(PLUGIN_NAME, "Saw deflate in accept encoding"); my_state->encoding = init_gzip(my_state, DEFLATE_MODE); - } else if (strstr(str, "gzip") != NULL) { + } else if (len >= TS_HTTP_LEN_GZIP && strstr(str, TS_HTTP_VALUE_GZIP) != NULL) { TSDebug(PLUGIN_NAME, "Saw gzip in accept encoding"); my_state->encoding = init_gzip(my_state, GZIP_MODE); } #if HAVE_BROTLI_ENCODE_H - else if (strstr(str, "br") != NULL) { + else if (len >= HTTP_LEN_BR && strstr(str, HTTP_VALUE_BR) != NULL) { TSDebug(PLUGIN_NAME, "Saw br in accept encoding"); my_state->encoding = init_br(my_state); }