httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [PATCH] don't access(r/w) uri[-1] when validating resource w/empty uri string
Date Thu, 05 Jul 2012 18:36:48 GMT
On Thu, 05 Jul 2012 19:33:18 +0200
Jim Meyering <jim@meyering.net> wrote:

Thanks for the patch, but can you clarify?

> At first I thought there must be code to guarantee
> that a URI (resource->uri) has length > 0,

In principle it must be for an HTTP request to exist.
Have you found a testcase or code path in which it fails?

>	 but since I found
> similar guards against precisely that case, e.g.,

That could be because it's necessary, but it could also be
because the authors of those bits of code were over-cautious,
or because the code is old and extra tests were needed when
it was written.  The mod_dav instance is a different URI.

> it seems best to guard the use below, too:

Indeed, if there is a code path that leaves null or empty
r->uri then fixing it is right.

> From 5609908643d8456c6f56197102161e56d87e56c4 Mon Sep 17 00:00:00 2001

Huh?  Did you send a patch in 2001?

>      uri = resource->uri;
>      uri_len = strlen(uri);
> -    if (uri[uri_len - 1] == '/') {
> +    if (uri_len > 1 && uri[uri_len - 1] == '/') {

That fixes empty uri, but segfaults on null URI.
Makes sense if the first is possible but the second isn't.

-- 
Nick Kew

Mime
View raw message