httpd-dev mailing list archives

From Tony Sanders <sand...@bsdi.com>
Subject bug in directory indexing code (apache version 1.0.0-1.0.5)
Date Wed, 24 Apr 1996 18:22:00 GMT
I've been having some problems with apache 1.0.0-1.0.5
occasionally getting into a tight spin-loop eating up cpu.  I
finally traced it down to the directory indexing code trashing
the stack with a null byte.  Someone should check 1.1b* for
this bug as well.

A patch follows -- though whoever "owns" that code might want to
solve the problem in a different way as I was not totally clear on
why the code was doing things the way it was doing them so I opted
to just preserve the behavior.  I also reduced the number of times
that the constant "23" was used -- it should probably be a #define.

*** mod_dir.c.orig	Wed Apr 24 12:45:48 1996
--- mod_dir.c	Wed Apr 24 13:12:47 1996
***************
*** 617,625 ****
  		t2 = pstrcat(scratch, t2, "</A>", NULL);
              } else 
  	    {
! 		char buff[23]="                       ";
  		t2 = escape_html(scratch, t);
! 		buff[23-len] = '\0';
  		t2 = pstrcat(scratch, t2, "</A>", buff, NULL);
  	    }
  	    anchor = pstrcat (scratch, "<A HREF=\"",
--- 617,626 ----
  		t2 = pstrcat(scratch, t2, "</A>", NULL);
              } else 
  	    {
! 		char buff[23];
! 		strncpy(buff, "                       ", sizeof(buff));
  		t2 = escape_html(scratch, t);
! 		buff[sizeof(buff)-len] = '\0';
  		t2 = pstrcat(scratch, t2, "</A>", buff, NULL);
  	    }
  	    anchor = pstrcat (scratch, "<A HREF=\"",
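
Review bot: the new line `buff[sizeof(buff)-len] = '\0';` computes the same index as the old `buff[23-len]`, so when len is 0 it still stores the NUL at buff[23], one byte past the end of the 23-byte array, and the strncpy above it, called with a count equal to sizeof(buff), leaves buff unterminated when the literal fills all 23 bytes. The hunk does not show how len is bounded, and because sizeof yields an unsigned type, a len above 23 would give a very large index rather than a negative one. Suggest declaring the array one byte larger than the pad width (with the width as a #define, as the message proposes) and checking that len does not exceed that width before writing the terminator.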
