httpd-dev mailing list archives

From John Bley <>
Subject Question: sprintf, possible buffer overflow in a version of main()?
Date Sat, 06 Mar 1999 22:07:44 GMT
If SHARED_CORE_BOOTSTRAP is defined (it's not on my system in a default 
configuration), there's a version of main in http_main.c that I 
don't fully understand yet.

Even so, I do see that sprintf() is called three times there, all of 
which take data nearly directly from a command-line switch (after a strdup).

The default buffer to accept this argument is of length MAX_STRING_LEN 
(8192) - On Solaris at least, I can easily create command-line args 
longer than that.  Is there a possible buffer overflow here - should 
snprintf or its ap_ variant be used instead?

Or am I just being too paranoid?  Perhaps on systems that need this 
version of main, command-line args have a truncation length.

John Bley -
Duke '99 - English/Computer Science
  Since English is a mess, it maps well onto the problem space,
  which is also a mess, which we call reality.     - Larry Wall
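
Added example, not part of the original message and not code from http_main.c: a bounded alternative to the sprintf() pattern the message asks about, using C99 snprintf() rather than the ap_ variant and rejecting an over-long argument instead of truncating it. The helper names, the "%s/%s" format and the file name `example.bin` are assumptions for illustration; only MAX_STRING_LEN (8192) comes from the message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STRING_LEN 8192   /* buffer size quoted in the message */

/* Hypothetical helper (not from http_main.c): join a directory taken from a
 * command-line switch with a fixed file name. Returns 0 on success, -1 if
 * the result would not fit in dst; on failure dst is set to "". */
static int join_path(char *dst, size_t dstlen, const char *dir, const char *name)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    /* snprintf writes at most dstlen bytes, terminator included. */
    n = snprintf(dst, dstlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';        /* refuse a silently truncated path */
        return -1;
    }
    return 0;
}

/* Constructed input: a switch value of `len` 'A' bytes, standing in for argv[]. */
static int try_len(size_t len)
{
    char buf[MAX_STRING_LEN];
    char *arg = malloc(len + 1);
    int rc;

    if (arg == NULL)
        return -2;
    memset(arg, 'A', len);
    arg[len] = '\0';
    rc = join_path(buf, sizeof(buf), arg, "example.bin");
    free(arg);
    return rc;
}

int main(void)
{
    printf("64-byte argument:   %d\n", try_len(64));
    printf("9000-byte argument: %d\n", try_len(9000));
    return 0;
}
```

With an unbounded sprintf() the 9000-byte case would write past the end of the 8192-byte buffer; here it returns -1 and the caller can exit with a usage error.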
