RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 20:57:35 +00:00
Code Issues Activity Actions

RequestServer: Avoid Vector OOB access in ConnectionCache

Browse source 
`it.is_end()` could be updated to return false for a previously-invalid
iterator after we append a new socket, copy its value out to a local
variable to not hit this behaviour.
This commit is contained in:
Ali Mohammad Pur 2022-02-08 20:28:13 +03:30 committed by Linus Groh
parent fd0f1d0c1a
commit 5dceba29a4
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Services/RequestServer/ConnectionCache.h
View file

@ -149,7 +149,8 @@ decltype(auto) get_or_create_connection(auto& cache, URL const& url, auto& job)
using ReturnType = decltype(&sockets_for_url[0]);
auto it = sockets_for_url.find_if([](auto& connection) { return connection->request_queue.is_empty(); });
auto did_add_new_connection = false;
if (it.is_end() && sockets_for_url.size() < ConnectionCache::MaxConcurrentConnectionsPerURL) {
auto failed_to_find_a_socket = it.is_end();
if (failed_to_find_a_socket && sockets_for_url.size() < ConnectionCache::MaxConcurrentConnectionsPerURL) {
using ConnectionType = RemoveCVReference<decltype(cache.begin()->value->at(0))>;
auto connection_result = ConnectionType::SocketType::connect(url.host(), url.port_or_default());
if (connection_result.is_error()) {
@ -174,7 +175,7 @@ decltype(auto) get_or_create_connection(auto& cache, URL const& url, auto& job)
did_add_new_connection = true;
}
size_t index;
if (it.is_end()) {
if (failed_to_find_a_socket) {
if (did_add_new_connection) {
index = sockets_for_url.size() - 1;
} else {