ja4 - fix unwanted conversion to std::string causing heap use-after-free

- std::make_pair() creates a pair of strings, which are however converted immediately to string_views to statisfy the `process_header_pair` arguments.
astibal · Nov 21, 2024 · 3bf239d · 3bf239d
1 parent 50a3f3b
commit 3bf239d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/inspect/engine/http.cpp b/src/inspect/engine/http.cpp
@@ -535,7 +535,10 @@ namespace sx::engine::http {
                     process_header_entry(ctx, side, my_app_data,
                                          stream_id, flags, data, hdr, hdr_elem);
                     if(ja4h.has_value()) {
-                        ja4h->process_header_pair(std::make_pair(hdr, hdr_elem));
+                        std::string_view view_to_hdr = hdr;
+                        std::string_view view_to_hdr_elem = hdr_elem;
+
+                        ja4h->process_header_pair(std::make_pair(view_to_hdr, view_to_hdr_elem));
                     }
                 }
             }