From f1aac4a3b28d9c7b94215066da82e448d55288b6 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 29 May 2026 16:20:34 +0200 Subject: [PATCH] BUG/MINOR: cache: Fix copy of value when parsing maxage During maxage parsing, the size of the value was not properly computed when it was copied into the trash chunk. The name (max-age or s-maxage) must be skipped with the '=' character. But instead of doing a subtraction, and addition was performed, adding 2 extra bytes to the value used for the convertion to integer. In addition, the "chunk_memcat(chk, "", 1)" operation to add a trailing NULL-byte was replaced by "*(b_tail(chk)) = '\0'". It a bit easier to understand. This patch should be backported to all stable versions. --- src/cache.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/cache.c b/src/cache.c index f6055cc50..31273b74b 100644 --- a/src/cache.c +++ b/src/cache.c @@ -949,8 +949,8 @@ int http_calc_maxage(struct stream *s, struct cache *cache, int *true_maxage) if (value) { struct buffer *chk = get_trash_chunk(); - chunk_memcat(chk, value, ctx.value.len - 8 + 1); - chunk_memcat(chk, "", 1); + chunk_memcat(chk, value, ctx.value.len - (8 + 1)); + *(b_tail(chk)) = '\0'; offset = (*chk->area == '"') ? 1 : 0; smaxage = strtol(chk->area + offset, &endptr, 10); if (unlikely(smaxage < 0 || endptr == chk->area + offset)) @@ -961,8 +961,8 @@ int http_calc_maxage(struct stream *s, struct cache *cache, int *true_maxage) if (value) { struct buffer *chk = get_trash_chunk(); - chunk_memcat(chk, value, ctx.value.len - 7 + 1); - chunk_memcat(chk, "", 1); + chunk_memcat(chk, value, ctx.value.len - (7 + 1)); + *(b_tail(chk)) = '\0'; offset = (*chk->area == '"') ? 1 : 0; maxage = strtol(chk->area + offset, &endptr, 10); if (unlikely(maxage < 0 || endptr == chk->area + offset))