httpd-dev mailing list archives

From Brian Behlendorf <br...@hyperreal.org>
Subject Re: showstopper strcpy et. al. security on WIN32
Date Sat, 09 May 1998 03:16:34 GMT
At 08:51 PM 5/6/98 -0400, you wrote:
>
>> >  WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
>> >     * SECURITY: numerous uses of strcpy and strcat have potential
>> >         for buffer overflow, someone should rewrite or verify
>> >         they're safe
>> > 
>> > Am I missing something?
>> 
>> I'm talking about the stuff in os/win32.
>
>Ah, duh...
>
>Yes, readdir.c and util_win32.c both leak, and could probably
>use some guards or at least some analysis.  - ben hyde

maybe
  #define strcpy(x,y) ap_cpystrn(x,y,sizeof(x))
??

The strcat in readdir.c looks fine - enough space is malloced for the
target (strlen(dir) + 2 + 1) to avoid overflow as best I can tell.  The
strcats in util_win32.c don't look safe.  

Also, I see uses of malloc - shouldn't we be using pools here?  Haven't we
been getting user bug reports of memory being exhausted??

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
pure chewing satisfaction                                  brian@apache.org
                                                        brian@hyperreal.org
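
The `sizeof(x)` bound in the macro suggested above depends on whether `x` is an array or a pointer. The following is an added example, not code from the original message or from Apache: `bounded_copy` is a local stand-in assumed to match `ap_cpystrn` semantics, `COPY_SIZEOF` is a renamed copy of the macro, and the sample path is constructed. It compares an array destination with a malloc'd one like the target described for readdir.c.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with ap_cpystrn() semantics (assumption: copies at most
 * dst_size-1 bytes, always NUL-terminates, returns pointer to the NUL). */
static char *bounded_copy(char *dst, const char *src, size_t dst_size)
{
    if (dst_size == 0)
        return dst;
    char *end = dst + dst_size - 1;
    while (dst < end && *src != '\0')
        *dst++ = *src++;
    *dst = '\0';
    return dst;
}

/* Macro shape from the message, renamed so the real strcpy is untouched. */
#define COPY_SIZEOF(x, y) bounded_copy((x), (y), sizeof(x))

/* Array destination: sizeof(x) is the array's capacity (32). */
size_t copy_into_array(const char *src)
{
    char buf[32];
    COPY_SIZEOF(buf, src);
    return strlen(buf);
}

/* Heap destination: sizeof(x) is sizeof(char *), unrelated to the 64 bytes
 * allocated; a buffer smaller than a pointer would be overrun instead. */
size_t copy_into_heap(const char *src)
{
    size_t len;
    char *buf = malloc(64);
    if (buf == NULL)
        return 0;
    COPY_SIZEOF(buf, src);
    len = strlen(buf);
    free(buf);
    return len;
}

int main(void)
{
    const char *path = "C:/apache/htdocs/*"; /* constructed, 18 chars */
    printf("array: %zu bytes, heap: %zu bytes\n",
           copy_into_array(path), copy_into_heap(path));
    return 0;
}
```

With a pointer destination the macro silently truncates the path, so call sites that use malloc'd targets need the allocated size passed explicitly rather than `sizeof`.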
