simon/tiny_httpd
1
0
Fork 0
mirror of https://github.com/c-cube/tiny_httpd.git synced 2025-12-06 19:25:32 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: zero out buffers from pool before reusing them

Browse source
This commit is contained in:
Simon Cruanes 2023-08-09 16:05:36 -04:00
parent 925a503604
commit 18780db853
No known key found for this signature in database
GPG key ID: EBFFF6F283F3A2B4
3 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/Tiny_httpd_buf.ml
View file

@ -16,6 +16,10 @@ let clear self : unit =
self.bytes <- self.original; self.bytes <- self.original;
self.i <- 0 self.i <- 0
let clear_and_zero self =
clear self;
Bytes.fill self.bytes 0 (Bytes.length self.bytes) '\x00'
let resize self new_size : unit = let resize self new_size : unit =
let new_buf = Bytes.make new_size ' ' in let new_buf = Bytes.make new_size ' ' in
Bytes.blit self.bytes 0 new_buf 0 self.i; Bytes.blit self.bytes 0 new_buf 0 self.i;

4
src/Tiny_httpd_buf.mli
View file

@ -13,6 +13,10 @@ val clear : t -> unit
val create : ?size:int -> unit -> t val create : ?size:int -> unit -> t
val contents : t -> string val contents : t -> string
val clear_and_zero : t -> unit
(** Clear the buffer and zero out its storage.
@since NEXT_RELEASE *)
val bytes_slice : t -> bytes val bytes_slice : t -> bytes
(** Access underlying slice of bytes. (** Access underlying slice of bytes.
@since 0.5 *) @since 0.5 *)

2
src/Tiny_httpd_server.ml
View file

@ -847,7 +847,7 @@ let create_from ?(buf_size = 16 * 1_024) ?(middlewares = []) ~backend () : t =
middlewares = []; middlewares = [];
middlewares_sorted = lazy []; middlewares_sorted = lazy [];
buf_pool = buf_pool =
Pool.create ~clear:Buf.clear Pool.create ~clear:Buf.clear_and_zero
~mk_item:(fun () -> Buf.create ~size:buf_size ()) ~mk_item:(fun () -> Buf.create ~size:buf_size ())
(); ();
} }