httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r573903 - in /httpd/httpd/trunk: CHANGES modules/proxy/proxy_util.c
Date Sun, 09 Sep 2007 19:22:51 GMT


On 09/09/2007 04:16 PM, Nick Kew wrote:
> On Sun, 09 Sep 2007 11:51:37 +0200
> Ruediger Pluem <rpluem@apache.org> wrote:

>> I am slightly confused here: IMHO apr_cpystrn does exactly what you
>> do here (it terminates pos with \0 and sets the pointer of pos to the
>> terminating \0) But it avoids reading over a possible terminating \0
>> in response which seems good to me.
> 
>   char *buf = apr_pcalloc(p, 20);
>   char *pos = apr_cpystrn(buf, "123456", 6);
>   pos = apr_cpystrn(buf, "ABCDEF", 6);
>   *pos = '\n';
>   puts(buf);
> 
> 12345ABCDE
> 
> The bug we're fixing is that the last byte of each string is getting
> overwritten, because the length argument to apr_cpystrn includes the
> terminating null.  The OP had a slightly different fix (increment len);
> I took the view that the NULLs were unnecessary whilst in a
> byte-counting loop and modified it as above.
> 
> As for running past a \0 (which would imply a malformed input stream),
> the caller expects a string, so the first NULL will terminate it
> either way.  Also either way the terminating condition is the
> APR_ASCII_LF, or an input error.

Ok. Got it. Thanks for the detailed explanation.

Regards

RĂ¼diger



> 

Mime
View raw message