From c3e40ae932f0cf9ae33166479049d2d3c9fa1615 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Mon, 6 Jun 2022 14:18:01 +0200 Subject: Static: Fixed finding the file extension. The code for finding the extension made a few assumptions that are no longer true. It didn't account for pathnames that didn't contain '/', including the empty string, or the NULL string. That code was used with "share", which always had a '/', but now it's also used with "index", which should not have a '/' in it. This fix works by limiting the search to the beginning of the string, so that if no '/' is found in it, it doesn't continue searching before the beginning of the string. This also happens to work for NULL. It is technically Undefined Behavior, as we rely on `NULL + 0 == NULL` and `NULL - NULL == 0`. But that is the only sane behavior for an implementation, and all existing POSIX implementations will Just Work for this code. Relying on this UB is useful, because we don't need to add an explicit check for NULL, and therefore we have faster code. Although the current code can't have a NULL, I expect that when we add support for variables in the index, it will be NULL in some cases. Link: The same code seems to be defined behavior in C++, which normally will share implementation in the compiler for these cases, and therefore it is really unlikely to be in trouble. Link: --- docs/changes.xml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs/changes.xml') diff --git a/docs/changes.xml b/docs/changes.xml index 38909a42..65e9d200 100644 --- a/docs/changes.xml +++ b/docs/changes.xml @@ -37,6 +37,13 @@ forwarded header to replace client address and protocol. + + +an index file that didn't contain a file extension was incorrectly +handled, and caused a use-after-free bug. + + + -- cgit
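Review bot: The changelog text added in the docs/changes.xml hunk ("an index file that didn't contain a file extension was incorrectly handled, and caused a use-after-free bug.") does not match the commit message, which describes the defect as the extension search running past the beginning of the string (an out-of-bounds read) and says nothing about freed memory; the two should agree so readers of the changelog know what was actually fixed, for example "was handled incorrectly: the search for the extension could read before the start of the string." The hunk also only touches docs/changes.xml, so the entry should be landed together with, or reference, the commit carrying the code change in the static handler. Separately, the commit message states that the fix deliberately relies on `NULL + 0 == NULL` and `NULL - NULL == 0`, which it acknowledges is undefined behaviour in C; an explicit `if (path == NULL)` check costs one predictable branch and removes the dependence on compilers not optimising on that UB, which would be the safer choice given the commit expects NULL inputs once index variables are supported.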
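The commit message describes confining the extension search to the last path component so that a name without '/' (such as "index", the empty string, or NULL) never makes the search step before the start of the string. The following is an added example written for this page, not the project's code: `path_extension` is an assumed name, and it handles NULL with an explicit check instead of relying on `NULL + 0`.

```c
#include <stddef.h>
#include <string.h>

/* Return a pointer to the extension (the text after the last '.') of
 * the final path component, or to the terminating NUL when there is
 * none.  The '.' search is confined to the last component, so
 * "dir.d/index" has no extension, and NULL is handled by an explicit
 * check rather than by pointer arithmetic on a null pointer.
 * Example code for illustration; path_extension is an assumed name. */
const char *path_extension(const char *path)
{
    const char *base, *dot;

    if (path == NULL)
        return "";                      /* explicit NULL check, no UB */

    base = strrchr(path, '/');          /* last '/', or NULL if none  */
    base = (base == NULL) ? path : base + 1;

    dot = strrchr(base, '.');           /* search only within base    */
    if (dot == NULL || dot == base)     /* ".hidden" has no extension */
        return base + strlen(base);     /* empty string, never NULL   */

    return dot + 1;
}
```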