httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeffrey W. Baker" <jwba...@acm.org>
Subject Re: 1.3.17 segfault from ap_unparse_uri_components() + patch
Date Fri, 09 Feb 2001 15:58:55 GMT
On Fri, 9 Feb 2001, Jim Jagielski wrote:

> Jeffrey W. Baker wrote:
> >
> > Apache 1.3.17 can segfault when trying to form a URI string from a
> > uri_components structure, if the structure has a hostname but no scheme.
> > The offending bit of code is actually in ap_default_port_for_scheme(),
> > which will pass a null pointer to strcasecmp(), and that function will
> > generate a segmentation violation when it dereferences the null pointer.
> >
> > One approach for fixing this is for ap_default_port_for_scheme() to check
> > for a NULL argument.  Here is a patch for that:
> >
> > Another method is to fix the logic in ap_unparse_uri_components().  We can
> > do that by setting the scheme to http whenever it is empty.  This may be
> > undesired, but here is a patch anyway:
> >
> > Alternately, see the attached patch which defines the default scheme in
> > util_uri.h.
> >
> > The last way is to fix ap_unparse_uri_components() completely.  It is
> > pretty fucked up right now.  And util_uri.c is full of tabs, blech.  I'll
> > rewrite it if there is any interest, but if not, I won't bother.  Please
> > let me know.
> >
>
> Agreed that ap_unparse_uri_components() is pretty nasty... A fix
> there would be prefered.

Okay, I'm on it.  I would still like to see the null check in
ap_default_port_for_scheme() on the principal of defensive programming.
I don't think that the NULL check is too expensive and that function is
not in the critical flow of the program to my knowledge.

-jwb


Mime
View raw message