httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jerenkra...@apache.org
Subject cvs commit: httpd-2.0/server request.c
Date Sat, 20 Oct 2001 18:27:15 GMT
jerenkrantz    01/10/20 11:27:15

  Modified:    server   request.c
  Log:
  Oh, don't you love buffer overflows?
  We need to allocate storage space for the terminating NULL AND the extra /
  we may tack on to the string at some point.
  
  How in the hell the stars were aligned for this to corrupt newv via the
  strcat at line 580 is unknown.
  
  Resolves segfault seen on daedalus.
  
  Revision  Changes    Path
  1.76      +2 -1      httpd-2.0/server/request.c
  
  Index: request.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/request.c,v
  retrieving revision 1.75
  retrieving revision 1.76
  diff -u -r1.75 -r1.76
  --- request.c	2001/10/17 15:12:13	1.75
  +++ request.c	2001/10/20 18:27:15	1.76
  @@ -554,7 +554,8 @@
           rv = apr_filepath_root((const char **)&r->filename,
                                  (const char **)&r->path_info,
                                  APR_FILEPATH_TRUENAME, r->pool);
  -        buflen = strlen(r->filename) + strlen(r->path_info) + 1;
  +        /* Space for terminating null and an extra / is required. */
  +        buflen = strlen(r->filename) + strlen(r->path_info) + 2;
           buf = apr_palloc(r->pool, buflen);
           strcpy (buf, r->filename);
           r->filename = buf;
  
  
  

Mime
View raw message