From 60d8663afb0fb7f113604404c50840dfe9320039 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 8 Oct 2024 11:20:40 +0200
Subject: [PATCH] hsts: avoid the local buffer and memcpy on lookup

Closes #15190
---
 lib/hsts.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/lib/hsts.c b/lib/hsts.c
index a5c216f6de..d5e883f51e 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -250,7 +250,6 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
 bool subdomain)
 {
 if(h) {
- char buffer[MAX_HSTS_HOSTLEN + 1];
 time_t now = time(NULL);
 size_t hlen = strlen(hostname);
 struct Curl_llist_node *e;
@@ -258,15 +257,13 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
 
 if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
 return NULL;
- memcpy(buffer, hostname, hlen);
 if(hostname[hlen-1] == '.')
 /* remove the trailing dot */
 --hlen;
- buffer[hlen] = 0;
- hostname = buffer;
 
 for(e = Curl_llist_head(&h->list); e; e = n) {
 struct stsentry *sts = Curl_node_elem(e);
+ size_t ntail;
 n = Curl_node_next(e);
 if(sts->expires <= now) {
 /* remove expired entries */
@@ -274,16 +271,15 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
 hsts_free(sts);
 continue;
 }
- if(subdomain && sts->includeSubDomains) {
- size_t ntail = strlen(sts->host);
- if(ntail < hlen) {
- size_t offs = hlen - ntail;
- if((hostname[offs-1] == '.') &&
- strncasecompare(&hostname[offs], sts->host, ntail))
- return sts;
- }
+ ntail = strlen(sts->host);
+ if((subdomain && sts->includeSubDomains) && (ntail < hlen)) {
+ size_t offs = hlen - ntail;
+ if((hostname[offs-1] == '.') &&
+ strncasecompare(&hostname[offs], sts->host, ntail))
+ return sts;
 }
- if(strcasecompare(hostname, sts->host))
+ /* avoid strcasecompare because the host name is not null terminated */
+ if((hlen == ntail) && strncasecompare(hostname, sts->host, hlen))
 return sts;
 }
 }
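Review bot: The `!hlen` test in the second hunk runs before the trailing dot is stripped, so a hostname consisting only of `.` passes it and reaches the loop with `hlen` equal to 0. The exact-match test `(hlen == ntail) && strncasecompare(hostname, sts->host, hlen)` then compares zero bytes, which presumably succeeds against any entry whose stored host is empty; whether such an entry can exist is not visible here. Adding `if(!hlen) return NULL;` right after `--hlen;` would close that case. Curl_hsts() starts and ends outside this hunk.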
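Review bot: The includeSubDomains branch in the third hunk still does `return sts;` on the first tail match in list order, so when the cache holds both a parent entry with includeSubDomains and an entry for the exact host, the parent can be returned before the exact entry is reached. What callers do with the returned entry is outside this hunk, but handing back a less specific entry than the one stored for the host is worth avoiding; remembering the longest matching tail and returning it only after the loop, as sketched below, keeps the exact match authoritative. That needs two locals at the top of Curl_hsts() (`bestsub` starting as NULL, `blen` starting at 0) and a final `return bestsub;`, both outside this hunk. The new comment is also slightly off, since `hostname` is still NUL-terminated and it is the trailing dot past `hlen` that must be ignored: `/* compare hlen bytes only: hostname may carry a trailing dot */`.

```c
      /* … unchanged: expiry pruning, ntail = strlen(sts->host) … */
      if((subdomain && sts->includeSubDomains) && (ntail < hlen)) {
        size_t offs = hlen - ntail;
        if((hostname[offs-1] == '.') &&
           strncasecompare(&hostname[offs], sts->host, ntail) &&
           (ntail > blen)) {
          /* keep the most specific includeSubDomains match seen so far */
          bestsub = sts;
          blen = ntail;
        }
      }
      /* … unchanged: exact-length comparison returning sts … */
```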