author | yang-g <yangg@google.com> | 2017-04-12 15:21:56 -0700 |
---|---|---|
committer | yang-g <yangg@google.com> | 2017-04-12 15:24:57 -0700 |
commit | f3d9b4808a5645ad2ff5d0fee4085bb06cb83419 (patch) | |
tree | 3a6ec8e92b73f7ed03058a442c4af081a4716c24 | |
parent | 1b76bda4a61a0ed65d5a5de7a6f3363a47871e50 (diff) |
Fix buffer overflow https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=973
-rw-r--r-- | src/core/lib/channel/http_server_filter.c | 6 | ||||
-rw-r--r-- | test/core/end2end/fuzzers/server_fuzzer_corpus/clusterfuzz-testcase-5595941564317696 | bin | 0 -> 92 bytes | |||
-rw-r--r-- | tools/run_tests/generated/tests.json | 23 |
3 files changed, 26 insertions, 3 deletions
diff --git a/src/core/lib/channel/http_server_filter.c b/src/core/lib/channel/http_server_filter.c
index c1e49ffacc..ebcde5315f 100644
--- a/src/core/lib/channel/http_server_filter.c
+++ b/src/core/lib/channel/http_server_filter.c
@@ -240,9 +240,9 @@ static grpc_error *server_filter_incoming_metadata(grpc_exec_ctx *exec_ctx,
 const int k_url_safe = 1;
 grpc_slice_buffer_add(
 &calld->read_slice_buffer,
- grpc_base64_decode(exec_ctx,
- (const char *)GRPC_SLICE_START_PTR(query_slice),
- k_url_safe));
+ grpc_base64_decode_with_len(
+ exec_ctx, (const char *)GRPC_SLICE_START_PTR(query_slice),
+ GRPC_SLICE_LENGTH(query_slice), k_url_safe));
 grpc_slice_buffer_stream_init(&calld->read_stream,
 &calld->read_slice_buffer, 0);
 calld->seen_path_with_query = true;
diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/clusterfuzz-testcase-5595941564317696 b/test/core/end2end/fuzzers/server_fuzzer_corpus/clusterfuzz-testcase-5595941564317696 Binary files differnew file mode 100644 index 0000000000..335ce87196 --- /dev/null +++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/clusterfuzz-testcase-5595941564317696
diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index 12d48f219d..188b77586e 100644 --- a/tools/run_tests/generated/tests.json +++ b/tools/run_tests/generated/tests.json @@ -150789,6 +150789,29 @@ }, { "args": [ + "test/core/end2end/fuzzers/server_fuzzer_corpus/clusterfuzz-testcase-5595941564317696" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "server_fuzzer_one_entry", + "platforms": [ + "mac", + "linux" + ], + "uses_polling": false + }, + { + "args": [ "test/core/end2end/fuzzers/server_fuzzer_corpus/clusterfuzz-testcase-6312731374256128" ], "ci_platforms": [ |
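Review bot: In the `server_filter_incoming_metadata` hunk of src/core/lib/channel/http_server_filter.c, the result of `grpc_base64_decode_with_len` still goes straight into `grpc_slice_buffer_add` with no check that decoding succeeded, and `seen_path_with_query` is set regardless. The decoder's failure return is not visible here; if it yields an empty slice on malformed input, a client-supplied query that is not valid base64 would presumably be accepted as an empty payload rather than rejected. Consider holding the result in a local and returning an error when `GRPC_SLICE_LENGTH(decoded) == 0` while `GRPC_SLICE_LENGTH(query_slice) != 0`. A comment above the call such as `/* query_slice is not NUL-terminated: bound the decode by the slice length */` would also keep the length variant from being swapped back later. The function body starts and ends outside the hunk.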