httpd-dev mailing list archives

From bh...@gensym.com (Ben Hyde)
Subject showstopper strcpy et. al. security on WIN32
Date Wed, 06 May 1998 21:32:56 GMT

Re:
 WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
    * SECURITY: numerous uses of strcpy and strcat have potential
        for buffer overflow, someone should rewrite or verify
        they're safe

Am I missing something?

I looked at all the code within WIN32 ifdef and I don't
see much of a problem.  I didn't look at all the code
in MULTITHREAD though.  

These routines are the only ones that have the potential
to be an issue and only the first two appear interesting.

create_argv_cmd
  strdup usage appears unnecessary (there is a pool) but
  maybe there is something deeper going on downstream.

ap_call_exec
  The interpreter[2048] is unguarded.

ap_add_cgi_vars
ap_log_error
ap_proxy_hash
expand_tildepaths

Somebody that has the right paranoia about this
kind of thing ought to look at these routines.

 - ben hyde
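
An added example, not code from Apache or from this message: one way to guard a fixed 2048-byte buffer such as the `interpreter[2048]` mentioned above, by replacing bare `strcpy`/`strcat` with copies that fail closed instead of overflowing or truncating. The helper names, the `build_command` caller and the sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define INTERP_MAX 2048 /* size of the interpreter[] buffer named in the message */

/* Hypothetical strcpy replacement: 0 on success, -1 if src does not fit.
 * On failure dst is an empty string, never a truncated path. */
static int guarded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dst == NULL || dstsz == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;
    n = strlen(src);
    if (n >= dstsz) return -1;          /* need room for the NUL too */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical strcat replacement: dst is left unchanged on failure. */
static int guarded_append(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t used, n;
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    end = memchr(dst, '\0', dstsz);
    if (end == NULL) return -1;         /* dst is not terminated within dstsz */
    used = (size_t)(end - dst);
    n = strlen(src);
    if (n >= dstsz - used) return -1;   /* appended text plus NUL must fit */
    memcpy(dst + used, src, n + 1);
    return 0;
}

/* Hypothetical caller: build "<interpreter> <script>" or fail closed. */
static int build_command(char *out, size_t outsz, const char *interp, const char *script)
{
    if (guarded_copy(out, outsz, interp) == 0 &&
        guarded_append(out, outsz, " ") == 0 &&
        guarded_append(out, outsz, script) == 0)
        return 0;
    if (out != NULL && outsz > 0) out[0] = '\0'; /* never leave a partial command */
    return -1;
}

int main(void)
{
    char cmd[INTERP_MAX]; /* inputs below are constructed samples */
    if (build_command(cmd, sizeof cmd, "C:\\perl\\bin\\perl.exe", "test.pl") == 0) puts(cmd);
    return 0;
}
```

Rejecting oversize input, rather than silently truncating it, matters here because a truncated interpreter path could name a different program than the one intended.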
