httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: [PATCH] mod_proxy truncates status line
Date Thu, 03 Jan 2002 10:37:45 GMT
Adam Sussman wrote:

> > Are you 100% sure the buffer is big enough to do this? If the buffer is
> > of size "len" the zero will be written past the end of the buffer.
> >
> 
> In the current code, "len" is strlen(buffer) so it can be safely assumed
> to be one less than the length of the buffer (provided of course that
> ap_proxy_string_read can be trusted).

The contents of a buffer can never be trusted though - this could be
exploited as an overflow and potentially an exploit.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."
Mime
View raw message