httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: buffer overflow patches are here
Date Sat, 18 Jan 1997 16:04:33 GMT
In mod_info.c you changed "char buf[256]" to "char buf[HUGE_STRING_LEN]"
How come?

256 should be plenty, and even if it isn't, it doesn't matter.  The
buf pointer only points to informational items. Seeing the first 255
characters of one of the items is adequate.  I don't think it is worth
another 8K on the stack.  Obviously the sprintf() to ap_snprintf() changes
you made are needed.


View raw message