httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [PATCH 55360] Potential buffer overflows in support/ab
Date Mon, 05 Aug 2013 20:10:41 GMT
On Mon, Aug 5, 2013 at 2:11 PM, Mike Rumph <mike.rumph@oracle.com> wrote:

> Hello all,
>
> A comment section in support/ab.c lists the following known problems:
>
> /*
>  * BUGS:
>  *
>  * - uses strcpy/etc.
>  * - has various other poor buffer attacks related to the lazy parsing of
>  *   response headers from the server
>  * - doesn't implement much of HTTP/1.x, only accepts certain forms of
>  *   responses
>  * - (performance problem) heavy use of strstr shows up top in profile
>  *   only an issue for loopback usage
>  */
>
> I was able to duplicate segmentation faults through the T and X command
> line options.
>
> I submitted a patch to fix potential buffer overflows through these
> options.
> - https://issues.apache.org/**bugzilla/show_bug.cgi?id=55360<https://issues.apache.org/bugzilla/show_bug.cgi?id=55360>
>
> The patch also removes 2 unreferenced fixed length buffers.
>
> support/ab.c also contains 3 additional fixed length buffers that could
> potentially overflow:
> - servername, buffer and _request
>
> Fixing these problems will require a deeper understanding of the code.
>
> Please, consider the submitted patch for adoption.
>


The patch looks fine in an initial glance.  I anticipate committing it
today after eyeballing it a bit more.  (Or else I'll speak up.)

Thanks,

Jeff


>
> Thanks,
>
> Mike Rumph
>
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Mime
View raw message