From f382ec0452065391269d1d76cc78ecf51c6334e2 Mon Sep 17 00:00:00 2001 From: Matt Morehouse Date: Thu, 20 Apr 2023 17:18:15 -0500 Subject: [PATCH] connectd: pass correct buflen to memmem After the first iteration of the loop, we call memmem with a buflen that points past the end of buf. In practice we probably never read the uninitialized memory since we guarantee the buffer ends with "\r\n", and since most/all libc implementations probably read the haystack sequentially. But maybe there's some libc with a crazy optimization out there. It's good to use an accurate buflen just in case. Discovered this while running some unit tests with MSan. --- connectd/websocketd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/connectd/websocketd.c b/connectd/websocketd.c index 9dc65bec2..782530426 100644 --- a/connectd/websocketd.c +++ b/connectd/websocketd.c @@ -109,6 +109,7 @@ static const char *get_http_hdr(const tal_t *ctx, const u8 *buf, size_t buflen, && buf[strlen(hdrname)] == ':') break; buf = end + 2; + buflen -= hdrlen + 2; } buf += strlen(hdrname) + 1;
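Review bot: the added `buflen -= hdrlen + 2;` in the loop of get_http_hdr is an unchecked subtraction on a size_t, so if `hdrlen + 2` ever exceeded the remaining `buflen` it would wrap to a very large value and give memmem a worse bound than the stale one this patch corrects. The commit message relies on the buffer always ending in "\r\n", but the lines that compute `hdrlen` and `end` are outside the visible context, so that invariant cannot be confirmed from this hunk. Consider stating it with `assert(buflen >= hdrlen + 2);` just before the subtraction, or with a short comment on how `hdrlen` relates to `end`. Because `buf = end + 2;` and the length update must always change together, deriving the remaining length from an end-of-buffer pointer computed once before the loop would keep the two from drifting apart again. The diffstat shows a single insertion in connectd/websocketd.c, so the MSan finding gets no regression test here; a unit test that requests a header which is not the first one in the buffer would exercise the second and later loop iterations.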