Hacker News new | ask | show | jobs
by c-a 4701 days ago
The request parsing code seems to be of dubious quality https://github.com/timothyej/Shortfin/blob/master/src/reques...

From a cursory glance:

1. https://github.com/timothyej/Shortfin/blob/master/src/reques...

should be (data_len - i >= 4) since it accesses data[i+3]

2. https://github.com/timothyej/Shortfin/blob/master/src/reques...

shouldn't headers[header_count]->key also be null terminated?

3. https://github.com/timothyej/Shortfin/blob/master/src/reques...

header_count can become greater than 49 which causes a heap overflow at https://github.com/timothyej/Shortfin/blob/master/src/reques... and https://github.com/timothyej/Shortfin/blob/master/src/reques...
2 comments
timothy89 4701 days ago
I'll look them up, thanks for noticing!
link
andrewcooke 4701 days ago
the code in general is not that great, imho.

as well as the header count (which i came here to post), there's another suspicious hard-coded size limit in the number of servers (1000). although you could only crash the system in that case by configuring too many.

there's very little error handling. good c code returns error codes all over the damn place. this hardly has any.

i wouldn't use this.

link