Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1.9.6大家都能正常编译过去吗? #947

Open
liujian-930212 opened this issue Apr 12, 2024 · 1 comment
Open

1.9.6大家都能正常编译过去吗? #947

liujian-930212 opened this issue Apr 12, 2024 · 1 comment
Assignees
Labels
issue/solved the issue is solved, and would be closed later

Comments

@liujian-930212
Copy link

proxy_proto_insert函数中,有char ppv1buf[108], tbuf1[64], tbuf2[64];三个变量。然后下面有语句sprintf(ppv1buf, "PROXY TCP6 %s %s %d %d\r\n", tbuf1, tbuf2, ntohs(ppinfo->addr.ip6.src_port), ntohs(ppinfo->addr.ip6.dst_port));编译器会直接报出有溢出风险。由于默认有-Werror选项,会直接导致编译失败。

暂时我把ppv1buf扩大到256个字节,可以编译通过。问下这个变量为啥要定在108个字节?是不是该用snprintf或者扩大他的容量?

@ywc689 ywc689 self-assigned this Apr 12, 2024
@ywc689
Copy link
Collaborator

ywc689 commented Apr 12, 2024

这个地方缺失有漏洞,我们后面修复下。
ppv1buf 的长度设置为108,是因为 proxy protocol v1 的数据长度最大是107字节。

@ywc689 ywc689 added the issue/to-solve issues await answers tobe solved label Apr 12, 2024
ywc689 added a commit to ywc689/dpvs that referenced this issue Apr 19, 2024
…w warning with gcc version 8.0+

Signed-off-by: ywc689 <ywc689@163.com>
@ywc689 ywc689 added issue/solved the issue is solved, and would be closed later and removed issue/to-solve issues await answers tobe solved labels May 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
issue/solved the issue is solved, and would be closed later
Projects
None yet
Development

No branches or pull requests

2 participants