Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
http_server: api: v1: backport fix for CVE-2024-4323
* api/v1/traces: validate inputs when enabling traces. validate the array of inputs when enabling multiple traces that they are strings. this patch also refactors out the allocation of said input name. * api/v1/traces: disable traces api when tracing is disabled. * api/v1/trace: use macros for strings and lengths in responses. avoid strlen when creating http response, especially in loops, by predefining them via macros. * api/v1/trace: use sizeof for string length macros. * api/v1/trace: use signed lenghts for strings. this avoid potential integer overflows when using them as specifiers for format strings. * api/v1/traces: use macro for inputs string. * api/v1/traces: use sizeof when comparing against base path. * api/v1/traces: replace strlen with flb_sds_len when using flb_sds_t. --------- Signed-off-by: Phillip Adair Stewart Whelan <[email protected]> Signed-off-by: Phillip Whelan <[email protected]> Co-authored-by: Phillip Whelan <[email protected]>
- Loading branch information