httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: [PATCH] UseCanonicalName (1.3/2.x)
Date Wed, 12 Nov 2003 20:54:44 GMT
+1 checking for port_str

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 

>>> Jim Jagielski <jim@jaguNET.com> Wednesday, November 12, 2003
1:50:37 PM >>>
Brad Nicholes wrote:
> 
> >Also, this exposes a bug, I think, in 2.0/2.1.
> >parsed_uri.port is valid iff parsed_uri.port_str != NULL.
> >Currently, we are testing just to see if parsed_uri.port
> >itself isn't 0.
> 
> What you are saying then is that without testing
parsed_uri.port_str,
> there is no way of knowing if port 0 could actually be a valid port
or
> if parsed_uri.port contains garbage that just happens to look like a
> port.  The former depends on whether port 0 can actually be a valid
port
> and the latter depends on how the parsed_uri structure is
initialized.
> 

>From what I can see (prelim look into the URI parsing) it is
possible for port to be garbage if port_str == NULL. Exactly
what kind of garbage is undefined... it could be 0 for some
and *real* garbage for others... The check for port!=0 doesn't
suffice to ensure that the value used for port is *valid*.
Note that a garbage value of port that is non-zero would
be used as valid in 2.x right now...

mod_proxy, by the way, gets this right and checks port_str before
using port.
-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]  
http://www.jaguNET.com/ 
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

Mime
View raw message