httpd-dev mailing list archives

From Brian Behlendorf <br...@hyperreal.org>
Subject security fixes in 1.2.5's proxy_util?
Date Mon, 04 May 1998 04:09:24 GMT
So in STATUS we have:

    * proxy security fixes from 1.2.5 need to be brought forward
       Jim: What are these?

The only security-related fix I can see in the 1.2.x series in the proxy
code is from proxy_util.c:

  http://www.apache.org/websrc/cvsweb.cgi/apache-1.2/src/modules/proxy/proxy_util.c.diff?r1=1.17&r2=1.17.2.1

In which we see the following code snippet introduced:

+    if (strlen(x)+1 < 30) {
+        x = palloc(p, 30);
+    }
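
Review bot: the size 30 is written twice in this hunk, once in the strlen(x)+1 < 30 test and once in palloc(p, 30), with nothing tying the two together; a named constant used in both places would keep the bound and the allocation in step. The freshly allocated buffer is also not given the old contents of x, so a one-line comment stating what is expected to fill it would make the intent of the branch clear.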

Yet in 1.3's proxy_util.c we see:

    if (strlen(x) < 30)
        x = ap_palloc(p, 30);

I have a hunch that the 1.2.5 code is correct, and the 1.3 code has an
off-by-one error, since strlen() doesn't count the null() at the end of the
string, whereas it's necessary to count it for palloc() and snprintf().
But then again I'm not sure why we're measuring it if we're just trashing
it later.... do we even need that if()?

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
pure chewing satisfaction                                  brian@apache.org
                                                        brian@hyperreal.org
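
The boundary asked about in the message above, checked by brute force. This is an added example, not code from the message or from Apache. It assumes the later write is an snprintf() bounded to 30 bytes and that x occupies exactly strlen(x)+1 bytes, uses malloc() in place of the pool allocator, and adds one hypothetical guard, guard_short, that is in neither tree.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DATE_BUF 30u /* assumed: 29 date characters plus the terminating NUL */
typedef int (*guard_fn)(const char *x);

/* The two guards quoted in the message; nonzero means "allocate a fresh buffer". */
static int guard_1_2_5(const char *x) { return strlen(x) + 1 < DATE_BUF; }
static int guard_1_3(const char *x)   { return strlen(x) < DATE_BUF; }
/* Hypothetical guard, not from either tree: a genuine off-by-one. */
static int guard_short(const char *x) { return strlen(x) + 1 < DATE_BUF - 1; }

/* Try every input length 0..max_len with the tightest buffer (len+1 bytes).
 * Returns the first length whose kept buffer is too small for the
 * DATE_BUF-byte write, or -1 if none; *fresh counts replaced buffers. */
static int first_unsafe_len(guard_fn guard, int max_len, int *fresh)
{
    *fresh = 0;
    for (int len = 0; len <= max_len; len++) {
        char *x = malloc((size_t)len + 1);
        if (x == NULL) return -2;
        memset(x, 'A', (size_t)len);
        x[len] = '\0';
        size_t cap = (size_t)len + 1;
        if (guard(x)) {               /* same shape as the quoted if() */
            free(x);
            if ((x = malloc(DATE_BUF)) == NULL) return -2;
            cap = DATE_BUF;
            (*fresh)++;
        }
        if (cap < DATE_BUF) {         /* the write below would overflow */
            free(x);
            return len;
        }
        snprintf(x, DATE_BUF, "%s", "Mon, 04 May 1998 04:09:24 GMT");
        free(x);
    }
    return -1;
}

int main(void)
{
    guard_fn g[] = { guard_1_2_5, guard_1_3, guard_short };
    const char *name[] = { "1.2.5", "1.3", "short" };
    for (int i = 0; i < 3; i++) {
        int n, r = first_unsafe_len(g[i], 40, &n);
        printf("%-5s first unsafe length %d, fresh buffers %d\n", name[i], r, n);
    }
    return 0;
}
```

Under these assumptions both quoted guards only ever keep a buffer of at least 30 bytes; they differ at strlen(x) == 29, where the 1.3 form allocates a fresh buffer and the 1.2.5 form reuses the existing 30-byte one.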
