From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
From: rofl0r <rofl0r@users.noreply.github.com>
Date: Thu, 8 Sep 2022 15:18:04 +0000
Subject: [PATCH] prevent junk from showing up in error page in invalid
 requests

fixes #457

https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
Upstream-Status: Backport
CVE: CVE-2022-40468
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
 src/reqs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/reqs.c b/src/reqs.c
index bce69819..45db118d 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
                 goto fail;
         }
 
+        /* zero-terminate the strings so they don't contain junk in error page */
+        request->method[0] = url[0] = request->protocol[0] = 0;
+
         ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
                       request->method, url, request->protocol);
+
         if (ret == 2 && !strcasecmp (request->method, "GET")) {
                 request->protocol[0] = 0;