apr-dev mailing list archives

From "C. Michael Pilato" <cmpil...@collab.net>
Subject Re: Buffer overflow in apr_brigade_vprintf() ?
Date Fri, 24 Apr 2009 21:06:07 GMT
C. Michael Pilato wrote:
> [Please Cc: me in responses -- I think I still have APR commit privs, but
>  I'm not active here and not subscribed to the mailing lists.]
> In the past couple of weeks, I've seen two different reports of what appears
> to be corruption in the stream of data transmitted by Subversion's
> mod_dav_svn through Apache and back to the Subversion client.  What is seen
> client-side is an opening XML tag, a truncated bit of CDATA "inside" the
> tag, and then a missing XML closing tag.  The problem seems to occur with
> magically sized chunks of data, so it can be hard to reproduce[1].


Just to bring this to closure, the bug was fixed by committing the removal
of the code that tacks the NULL byte onto a possibly-already-full buffer:


(Thanks, Ruediger and Jeff!)

C. Michael Pilato <cmpilato@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand
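
The off-by-one described in the message above, as an added example that is not part of the original message and is not APR's code: a small model of a fixed formatting buffer that is flushed only when a further byte arrives, showing that an unconditional terminator write lands one byte past the buffer exactly when the data fills it, and that dropping the terminator (the fix described) keeps the length known without it. `BUF_SIZE`, `CANARY`, `struct fmtbuf`, `fb_append` and `emit` are hypothetical names, and the flush-on-next-byte behaviour is an assumption of the model.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 8      /* constructed size standing in for the fixed buffer */
#define CANARY   0x5A   /* marks the byte directly after the logical buffer */

struct fmtbuf {
    char   storage[BUF_SIZE + 1]; /* logical buffer is [0, BUF_SIZE); last byte is the canary */
    size_t cur;                   /* next write offset; cur == BUF_SIZE means full */
    size_t flushed;               /* bytes already handed to the output */
};

/* Append s, flushing only when a further byte arrives and the buffer is full. */
static void fb_append(struct fmtbuf *fb, const char *s)
{
    for (; *s; s++) {
        if (fb->cur == BUF_SIZE) {   /* full: hand off and reuse the buffer */
            fb->flushed += fb->cur;
            fb->cur = 0;
        }
        fb->storage[fb->cur++] = *s;
    }
}

/*
 * Format s into a fresh buffer. With terminate != 0, the flawed pattern
 * appends a terminator unconditionally. Returns 1 if the byte after the
 * logical buffer was overwritten, 0 otherwise; *total gets the byte count.
 */
int emit(const char *s, int terminate, size_t *total)
{
    struct fmtbuf fb;
    memset(&fb, 0, sizeof fb);
    fb.storage[BUF_SIZE] = CANARY;
    fb_append(&fb, s);
    if (terminate)
        fb.storage[fb.cur] = '\0';   /* cur may equal BUF_SIZE here */
    *total = fb.flushed + fb.cur;    /* length is known without a terminator */
    return fb.storage[BUF_SIZE] != CANARY;
}
```

Only inputs whose length is a non-zero multiple of `BUF_SIZE` trip the overwrite, which is why such a bug shows up only for particular data sizes.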
