Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 896DE7077 for ; Mon, 19 Dec 2011 21:36:42 +0000 (UTC) Received: (qmail 40474 invoked by uid 500); 19 Dec 2011 21:36:42 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 40445 invoked by uid 500); 19 Dec 2011 21:36:42 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 40436 invoked by uid 99); 19 Dec 2011 21:36:42 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Dec 2011 21:36:42 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Dec 2011 21:36:41 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 4F3803C8C7; Mon, 19 Dec 2011 21:36:20 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 52370] New: apreq_decode/url_decode length miscalculation Date: Mon, 19 Dec 2011 21:36:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: libapreq2 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: gleonid@yahoo.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 https://issues.apache.org/bugzilla/show_bug.cgi?id=52370 Bug #: 52370 Summary: apreq_decode/url_decode length miscalculation Product: Apache httpd-2 Version: 2.5-HEAD Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: libapreq2 AssignedTo: bugs@httpd.apache.org ReportedBy: gleonid@yahoo.com Classification: Unclassified in libapreq2-2.13. in library/util.c file there is a bug in apreq_decode implementation. Bug appears when destination buffer is the same as a source. Basically problem is that if source string has at least one non encoded character in the beginning - resulting(decoded) string length ends up being lesser than it should be. here is a proposed patch: # diff -rNu util.c.orig util.c > util.c.patch # patch util.c << --- util.c.orig Thu Mar 05 19:39:07 2009 +++ util.c Wed Dec 02 16:08:13 2009 @@ -432,6 +432,7 @@ { apr_size_t len = 0; const char *end = s + slen; + apr_status_t status = APR_SUCCESS; if (s == (const char *)d) { /* optimize for src = dest case */ for ( ; d < end; ++d) { @@ -447,7 +448,10 @@ slen -= len; } - return url_decode(d, dlen, s, &slen); + status = url_decode(d, dlen, s, &slen); + if (APR_SUCCESS == status) + *dlen += len; + return status; } APREQ_DECLARE(apr_status_t) apreq_decodev(char *d, apr_size_t *dlen, << -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org