httpd-dev mailing list archives

From "Brad Nicholes" <>
Subject RE: I WANT A GA release
Date Fri, 05 Apr 2002 18:22:08 GMT
I'm still seeing a problem with apr_tokenize_to_argv() that causes the
parser to run off the end of the string.  I know this causes a fault on
NetWare, but since I don't understand this code completely and the
comments about allowing for a NULL argument are confusing, I was hoping
someone would confirm or deny the problem.

   It appears that apr_tokenize_to_argv() is running off the end of
the string in the following while loop:

while (*ct != '\0') {
       CHECK_QUOTATION(ct, isquoted);
       DETERMINE_NEXTSTRING(ct, isquoted);

Given the null terminated string

     vol2:/apache20/bin/rotlogs.nlm vol2:/apache/logs 2000

which would result from the configuration directive

     CustomLog "|vol2:/apache20/bin/rotlogs.nlm vol2:/apache/logs/rotlogs 2000" common

the above while loop would continue to parse the string after it
reached the null terminator.  The reason why is because the macro
DETERMINE_NEXTSTRING() leaves "ct" pointing at the NULL after it
the last parameter.  Then "ct" is incremented before the while loop
has a chance to check for NULL.  So unless the string is double NULL
terminated, the resulting argument list will end up with whatever
garbage it finds after the end of the string.  Is the argument string
being passed in guaranteed to be double NULL terminated or have we
been getting lucky?


Brad Nicholes
Senior Software Engineer
Novell, Inc., a leading provider of Net business solutions 

>>> Friday, April 05, 2002 10:56:47 AM >>>
+1 on GA.  2 issues on HEAD i'd like to see resolved first:

- proxy not sending content-length
- httpd.conf not installed with vpath builds (issue does not exist with
  current .34 tag)
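
The over-read described in the message above, as an added example that is not part of the original message and is not APR's code: a simplified token counter (no quote handling) that follows the same loop shape, with and without a check before the cursor is stepped. The names SAMPLE, next_token_end, count_args and guard are hypothetical, and the buffer is constructed so that the bytes after the terminator live in the same array.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the argument string from the message, followed in the
 * same array by stale bytes and a second NUL so the over-read stays in bounds. */
static const char SAMPLE[] =
    "vol2:/apache20/bin/rotlogs.nlm vol2:/apache/logs 2000\0stale bytes\0";

/* Simplified stand-in for DETERMINE_NEXTSTRING (no quote or escape handling):
 * stops on a separator or on the terminating NUL. */
static const char *next_token_end(const char *ct)
{
    while (*ct != '\0' && *ct != ' ' && *ct != '\t')
        ct++;
    return ct;
}

/* Count arguments. guard == 0 steps the cursor unconditionally after each
 * token, as described in the message; guard != 0 steps only over a separator.
 * *overran is set when the cursor moves past the first NUL. */
static int count_args(const char *buf, int guard, int *overran)
{
    const char *ct = buf;
    const char *nul = buf + strlen(buf);   /* the real end of the string */
    int numargs = 0;

    *overran = 0;
    while (*ct != '\0') {
        ct = next_token_end(ct);
        if (!guard || *ct != '\0')
            ct++;                          /* unguarded: may step past NUL */
        if (ct > nul)
            *overran = 1;
        numargs++;
        while (*ct == ' ' || *ct == '\t')  /* skip whitespace before next token */
            ct++;
    }
    return numargs;
}

int main(void)
{
    int overran;
    int n = count_args(SAMPLE, 0, &overran);
    printf("unguarded: %d args, overran=%d\n", n, overran);
    n = count_args(SAMPLE, 1, &overran);
    printf("guarded:   %d args, overran=%d\n", n, overran);
    return 0;
}
```

With the unguarded step the counter keeps tokenizing the stale bytes and only stops at the second NUL; with the check it stops at the first.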
