httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: [PATCH 55360] Potential buffer overflows in support/ab
Date Mon, 05 Aug 2013 20:25:41 GMT
On Mon, Aug 5, 2013 at 4:10 PM, Jeff Trawick <trawick@gmail.com> wrote:

> On Mon, Aug 5, 2013 at 2:11 PM, Mike Rumph <mike.rumph@oracle.com> wrote:
>
>> Hello all,
>>
>> A comment section in support/ab.c lists the following known problems:
>>
>> /*
>>  * BUGS:
>>  *
>>  * - uses strcpy/etc.
>>  * - has various other poor buffer attacks related to the lazy parsing of
>>  *   response headers from the server
>>  * - doesn't implement much of HTTP/1.x, only accepts certain forms of
>>  *   responses
>>  * - (performance problem) heavy use of strstr shows up top in profile
>>  *   only an issue for loopback usage
>>  */
>>
>> I was able to duplicate segmentation faults through the T and X command
>> line options.
>>
>> I submitted a patch to fix potential buffer overflows through these
>> options.
>> - https://issues.apache.org/bugzilla/show_bug.cgi?id=55360
>>
>> The patch also removes 2 unreferenced fixed length buffers.
>>
>> support/ab.c also contains 3 additional fixed length buffers that could
>> potentially overflow:
>> - servername, buffer and _request
>>
>> Fixing these problems will require a deeper understanding of the code.
>>
>> Please, consider the submitted patch for adoption.
>>
>
>
> The patch looks fine in an initial glance.  I anticipate committing it
> today after eyeballing it a bit more.  (Or else I'll speak up.)
>

This is now in trunk as r1510707; I'll nominate for inclusion in 2.4.next
shortly.


> Thanks,
>
> Jeff
>
>
>>
>> Thanks,
>>
>> Mike Rumph
>>
>>
>>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>



-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
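The bug class discussed in this thread (a command-line option value copied with strcpy into a fixed-length buffer, so an over-long -T or -X argument runs past the end of it) is shown below with its bounded counterpart. This is an added example, not code from ab.c or from the patch in bug 55360: the buffer size, the function names and the sample option values are all constructed for illustration. The hardened copy checks the length before copying and leaves the destination empty on failure, so a caller never sees a half-copied value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size option buffer. The size is an assumption for
 * this example, not the size used by ab.c. */
#define OPT_BUF_SIZE 32

/* Bounded copy of an option value into a fixed-length buffer.
 * Returns 0 on success and -1 when the value plus its terminating NUL
 * does not fit; on failure dst is set to the empty string so callers
 * cannot act on a partially copied value. This is the hardened
 * counterpart of an unchecked strcpy(dst, optarg), which the ab.c
 * comment block in this thread lists as a known problem. */
int copy_option_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize == 0) {
        return -1;
    }
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    len = strlen(src);
    if (len >= dstsize) {          /* need room for len chars + NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);     /* copies the NUL as well */
    return 0;
}

/* Simulates handling the value of an option such as -T (content type):
 * an over-long argument is rejected with a diagnostic instead of
 * overrunning the buffer. Returns 0 on success, -1 on rejection. */
int handle_content_type_option(const char *optarg, char *out, size_t outsize)
{
    if (copy_option_bounded(out, outsize, optarg) != 0) {
        fprintf(stderr, "option value too long (max %zu chars)\n",
                outsize == 0 ? 0 : outsize - 1);
        return -1;
    }
    return 0;
}

int main(void)
{
    char content_type[OPT_BUF_SIZE];
    /* Constructed sample values: one that fits, one that would have
     * overflowed an unchecked strcpy into a 32-byte buffer. */
    const char *ok = "text/plain";
    char too_long[OPT_BUF_SIZE * 4];

    memset(too_long, 'A', sizeof(too_long) - 1);
    too_long[sizeof(too_long) - 1] = '\0';

    printf("short value: %d\n",
           handle_content_type_option(ok, content_type, sizeof(content_type)));
    printf("long value:  %d\n",
           handle_content_type_option(too_long, content_type, sizeof(content_type)));
    return 0;
}
```

The check is `len >= dstsize` rather than `len > dstsize` because the terminating NUL needs its own byte; that off-by-one is the usual way a "bounded" copy still overruns by one.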
