httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51412] New: Nasty warning in ftp_cmd_pbsz() -- dangerous, where long is not the same as int
Date Tue, 21 Jun 2011 18:57:48 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51412

             Bug #: 51412
           Summary: Nasty warning in ftp_cmd_pbsz() -- dangerous, where
                    long is not the same as int
           Product: Apache httpd-2
           Version: 2.2.15
          Platform: PC
        OS/Version: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ftp
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mi+apache@aldan.algebra.com
    Classification: Unclassified


Created attachment 27190
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=27190
Properly parse buffer-size

Building the module on my 64-bit machine, I get the following warning:

ftp_commands.c:1694: warning: comparison is always false due to limited range
of data type

Indeed, although ftp_connection's pbsz field is of type int, it is compared to
LONG_MAX.

The attached patch uses a private long variable to check the value supplied by
the client. Only if the value is positive and below INT_MAX is it assigned to
fc->pbsz.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message