From c4d1dc0c0cfe8839df1af0d54312a67700e290fc Mon Sep 17 00:00:00 2001
From: Sudheer Vinukonda <sudheerv@apache.org>
Date: Wed, 24 Jun 2020 20:47:58 -0700
Subject: [PATCH] Prevent buffer overflow during log filter actions

Buffer overflow resulting in corrupting global variables when the
unmapped URL is pointing to the global INVALID_STR.
---
 proxy/logging/LogAccess.cc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/proxy/logging/LogAccess.cc b/proxy/logging/LogAccess.cc
index 6d8d9e1dc8c..5a0680dacdc 100644
--- a/proxy/logging/LogAccess.cc
+++ b/proxy/logging/LogAccess.cc
@@ -1144,7 +1144,7 @@ void
 LogAccess::set_client_req_url(char *buf, int len)
 {
   if (buf) {
-    m_client_req_url_len = len;
+    m_client_req_url_len = std::min(len, m_client_req_url_len);
     ink_strlcpy(m_client_req_url_str, buf, m_client_req_url_len + 1);
   }
 }
@@ -1153,7 +1153,7 @@ void
 LogAccess::set_client_req_url_canon(char *buf, int len)
 {
   if (buf) {
-    m_client_req_url_canon_len = len;
+    m_client_req_url_canon_len = std::min(len, m_client_req_url_canon_len);
     ink_strlcpy(m_client_req_url_canon_str, buf, m_client_req_url_canon_len + 1);
   }
 }
@@ -1162,7 +1162,7 @@ void
 LogAccess::set_client_req_unmapped_url_canon(char *buf, int len)
 {
   if (buf && m_client_req_unmapped_url_canon_str) {
-    m_client_req_unmapped_url_canon_len = len;
+    m_client_req_unmapped_url_canon_len = std::min(len, m_client_req_unmapped_url_canon_len);
     ink_strlcpy(m_client_req_unmapped_url_canon_str, buf, m_client_req_unmapped_url_canon_len + 1);
   }
 }
@@ -1171,7 +1171,7 @@ void
 LogAccess::set_client_req_unmapped_url_path(char *buf, int len)
 {
   if (buf && m_client_req_unmapped_url_path_str) {
-    m_client_req_unmapped_url_path_len = len;
+    m_client_req_unmapped_url_path_len = std::min(len, m_client_req_unmapped_url_path_len);
     ink_strlcpy(m_client_req_unmapped_url_path_str, buf, m_client_req_unmapped_url_path_len + 1);
   }
 }
@@ -1180,7 +1180,7 @@ void
 LogAccess::set_client_req_unmapped_url_host(char *buf, int len)
 {
   if (buf && m_client_req_unmapped_url_host_str) {
-    m_client_req_unmapped_url_host_len = len;
+    m_client_req_unmapped_url_host_len = std::min(len, m_client_req_unmapped_url_host_len);
     ink_strlcpy(m_client_req_unmapped_url_host_str, buf, m_client_req_unmapped_url_host_len + 1);
   }
 }
@@ -1190,7 +1190,7 @@ LogAccess::set_client_req_url_path(char *buf, int len)
 {
   //?? use m_client_req_unmapped_url_path_str for now..may need to enhance later..
   if (buf && m_client_req_unmapped_url_path_str) {
-    m_client_req_url_path_len = len;
+    m_client_req_url_path_len = std::min(len, m_client_req_url_path_len);
     ink_strlcpy(m_client_req_unmapped_url_path_str, buf, m_client_req_url_path_len + 1);
   }
 }