apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bojan Smojver <bo...@rexursive.com>
Subject Re: svn commit: r394559 - /apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c
Date Sun, 16 Apr 2006 23:26:02 GMT
On Sun, 2006-04-16 at 21:20 +0000, niq@apache.org wrote:

> --- apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c (original)
> +++ apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c Sun Apr 16 14:19:59 2006
> @@ -221,7 +221,7 @@
>                                      apr_dbd_t *sql)
>  {
>      size_t len = strlen(arg);
> -    char *ret = apr_palloc(pool, len + 1);
> +    char *ret = apr_palloc(pool, 2*(len + 1));
>      PQescapeString(ret, arg, len);
>      return ret;
>  }

Should we be reporting the above as a security problem in Apache 2.2.0
(i.e. a potential heap overflow), given that the code ships with it?

-- 
Bojan


Mime
View raw message