Open tyler92 opened 7 months ago
The std::strtol function requires the input string to be a zero-terminated string, but the HTTP parsing procedure works with a binary buffer and there is no guarantee that the last byte is zero. It may lead to an out-of-bounds read, which is undefined behavior and might cause a crash.
The list of affected functions:
Example of a sanitizer report from the fuzzing test:
Another good find @tyler92. If or when you're ready with a PR just let us know.
@kiplingw Can I take an attempt at this?
Yes, certainly @alexprabhat99 and thanks for showing initiative. @dgreatwood might have some thoughts on this too.
@kiplingw Could you please check out my PR #1201 which attempts to fix this issue? Your feedback would certainly help me improve. Thanks in advance!
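An added illustration of the problem described in this issue, not code from the issue, PR #1201 or the project itself: the strtol pattern beside a bounded parse that only reads the bytes the caller owns. The function names, the constructed buffer and the SP/HTAB handling are my own assumptions about what such a helper needs.

```cpp
#include <charconv>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <optional>
#include <system_error>

// Pattern the issue describes: strtol keeps reading until it meets a
// non-digit or the terminating NUL. On a binary HTTP buffer the caller
// can promise neither, so the field boundary is not respected and the
// scan may run past the end of the buffer.
long parse_with_strtol(const char* data) {
    return std::strtol(data, nullptr, 10);
}

// Bounded alternative (assumed helper): only bytes in [data, data + len)
// are ever read. Leading SP/HTAB (HTTP optional whitespace) is skipped;
// the rest of the field must be digits, and overflow is rejected.
std::optional<long> parse_bounded(const char* data, std::size_t len) {
    const char* p = data;
    const char* end = data + len;
    while (p < end && (*p == ' ' || *p == '\t')) ++p;
    if (p == end) return std::nullopt;          // empty field
    long value = 0;
    auto [ptr, ec] = std::from_chars(p, end, value, 10);
    if (ec != std::errc{}) return std::nullopt; // no digits, or out of range
    if (ptr != end) return std::nullopt;        // trailing bytes inside the field
    return value;
}

// Constructed sample: the field is the first two bytes ("42"); the byte
// after it happens to be a digit belonging to the next part of the message.
// The array is NUL-terminated so that this demonstration itself is well defined.
static const char kBuf[] = "427\r\n";

int main() {
    std::printf("strtol  : %ld\n", parse_with_strtol(kBuf)); // 427: ran past the field
    auto v = parse_bounded(kBuf, 2);
    std::printf("bounded : %ld\n", v ? *v : -1L);             // 42
    return 0;
}
```

With a field that is not followed by a NUL at all, the strtol version has no such safety net, which is exactly the out-of-bounds read the sanitizer reports.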