Fix LP#1883169 by using growing_buffer
authorkenstir <kenstir@gmail.com>
Sun, 14 Jun 2020 01:43:57 +0000 (21:43 -0400)
committerMike Rylander <mrylander@gmail.com>
Fri, 17 Sep 2021 17:37:21 +0000 (13:37 -0400)
When presented with an error message that has more than 32 characters
that need to be escaped, the gateway fails to reserve enough space in
the memory allocation it uses to build the JSON message.  Instead of
guessing at how much space will be needed, and failing for some
messages, this commit uses growing_buffer to build the JSON.
growing_buffer is limited to 10Mb, so while large messages could be
generated, they won't cause an OOM on the server side.

Signed-off-by: Ken Cox <kenstir@gmail.com>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
src/gateway/osrf_json_gateway.c

index a015e53..783ebc9 100644 (file)
@@ -392,24 +392,24 @@ static int osrf_json_gateway_method_handler (request_rec *r) {
                        /* add a debug field if the request died */
                        ap_log_rerror( APLOG_MARK, APLOG_INFO, 0, r,
                                        "OpenSRF JSON Request returned error: %s -> %s", statusname, statustext );
                        /* add a debug field if the request died */
                        ap_log_rerror( APLOG_MARK, APLOG_INFO, 0, r,
                                        "OpenSRF JSON Request returned error: %s -> %s", statusname, statustext );
-                       int l = strlen(statusname) + strlen(statustext) + 32;
-                       char buf[l];
+                       growing_buffer* buf = buffer_init(512);
 
                        if (isXML)
 
                        if (isXML)
-                               snprintf( buf, sizeof(buf), "<debug>\"%s : %s\"</debug>", statusname, statustext );
+                               buffer_fadd(buf, "<debug>\"%s : %s\"</debug>", statusname, statustext);
 
                        else {
 
                        else {
-                               char bb[l];
-                               snprintf(bb, sizeof(bb),  "%s : %s", statusname, statustext);
-                               jsonObject* tmp = jsonNewObject(bb);
+                               buffer_fadd(buf, "%s : %s", statusname, statustext);
+                               jsonObject* tmp = jsonNewObject(buf->buf);
                                char* j = jsonToStringFunc(tmp);
                                char* j = jsonToStringFunc(tmp);
-                               snprintf( buf, sizeof(buf), ",\"debug\": %s", j);
+                               buffer_reset(buf);
+                               buffer_fadd(buf, ",\"debug\": %s", j);
                                free(j);
                                jsonObjectFree(tmp);
                        }
 
                                free(j);
                                jsonObjectFree(tmp);
                        }
 
-                       ap_rputs(buf, r);
+                       ap_rputs(buf->buf, r);
 
 
+                       buffer_free(buf);
                        free(statusname);
                        free(statustext);
                }
                        free(statusname);
                        free(statustext);
                }