httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: bugs/inappropriate coding practice discovered by interprocedural code analysis for version 2.2.8 of Apache
Date Thu, 15 May 2008 19:00:32 GMT


On 05/15/2008 05:29 AM, BOYA SUN wrote:
> Here is another potential bug we've just discovered, and it seems to occur in several places. Please also take a look at it if interested, thanks a lot!
> 
> Boya
> -----------------------
> Bug#7
> 
> File Name: /httpd-2.2.8/srclib/apr/file_io/unidx/readwrite.c  (63)
> Function Name: apr_file_puts()
> Code:
>    304: APR_DECLARE(apr_status_t) apr_file_puts(const char *str, apr_file_t *thefile)
>    305: {
>    306:     return apr_file_write_full(thefile, str, strlen(str), NULL);
>    307: }
>  
> Description: An error occurs if apr_file_write_full() returns “!APR_SUCCESS”. According to the above code, we infer that an error occurs if apr_file_puts() returns “!APR_SUCCESS”. However, the return values of apr_file_puts() are not checked in the following locations.
>  
>  \apache\src\log.c(682):        apr_file_puts(errstr, logf);

I see nothing reasonable that we can do in this situation but ignore the error.

>  \apache\src\mod_cgi.c(254):    apr_file_puts("%request\n", f);
>  \apache\src\mod_cgi.c(265):    apr_file_puts("%response\n", f);
>  \apache\src\mod_cgi.c(291):            apr_file_puts("%stdout\n", f);
>  \apache\src\mod_cgi.c(295):        apr_file_puts("\n", f);
>  \apache\src\mod_cgi.c(299):        apr_file_puts("%stderr\n", f);
>  \apache\src\mod_cgi.c(300):        apr_file_puts(argsbuffer, f);
>  \apache\src\mod_cgi.c(303):            apr_file_puts(argsbuffer, f);
>  \apache\src\mod_cgi.c(305):        apr_file_puts("\n", f);
>  \apache\src\mod_cgid.c(1029):    apr_file_puts("%request\n", f);
>  \apache\src\mod_cgid.c(1040):    apr_file_puts("%response\n", f);
>  \apache\src\mod_cgid.c(1067):            apr_file_puts("%stdout\n", f);
>  \apache\src\mod_cgid.c(1071):        apr_file_puts("\n", f);
>  \apache\src\mod_cgid.c(1077):            apr_file_puts("%stderr\n", f);
>  \apache\src\mod_cgid.c(1078):            apr_file_puts(argsbuffer, f);
>  \apache\src\mod_cgid.c(1081):                apr_file_puts(argsbuffer, f);
>  \apache\src\mod_cgid.c(1082):            apr_file_puts("\n", f); 

We might be able to log an error in all these situations. Somebody eager to fix this :-)?

Regards

Rüdiger
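
Added example, not part of the original message and not httpd or APR code: one way to check a run of puts-style writes like those listed for mod_cgi.c and mod_cgid.c without an `if` at every call site, by keeping the first error and reporting it once. It uses plain POSIX `write()` as a stand-in for `apr_file_write_full()`; `script_log`, `write_full`, `log_puts` and `log_script_record` are hypothetical names, and the record layout is constructed from the markers quoted above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for an apr_file_t plus a sticky error slot. */
typedef struct {
    int fd;        /* destination descriptor */
    int first_err; /* 0 until a write fails, then the errno of that failure */
} script_log;

/* Write all of buf, retrying on short writes and EINTR. Returns 0 or errno. */
static int write_full(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return errno;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* puts-like call: records the first failure and skips all later writes. */
static void log_puts(script_log *l, const char *str)
{
    if (l->first_err == 0)
        l->first_err = write_full(l->fd, str, strlen(str));
}

/* Constructed record layout; the failure is reported once. Returns 0 or errno. */
int log_script_record(int fd, const char *out, const char *err)
{
    script_log l = { fd, 0 };
    log_puts(&l, "%request\n");
    log_puts(&l, "%response\n");
    log_puts(&l, "%stdout\n");
    log_puts(&l, out);
    log_puts(&l, "\n%stderr\n");
    log_puts(&l, err);
    log_puts(&l, "\n");
    if (l.first_err != 0)
        fprintf(stderr, "script log write failed: %s\n", strerror(l.first_err));
    return l.first_err;
}
```

In a real module the `fprintf` would be the server's own error logging call, and the caller decides whether a failed script log write should affect the request.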

