httpd-dev mailing list archives

From Jeff Trawick <traw...@gmail.com>
Subject Re: False positive errno test after call to strtol()
Date Fri, 15 Nov 2013 17:38:29 GMT
On Thu, Nov 14, 2013 at 4:11 PM, Mike Rumph <mike.rumph@oracle.com> wrote:

> The man page for strtol() indicates that the function can set errno to
> ERANGE (EINVAL is also possible for some environments).
> But for the errno check to be valid, errno should be set to 0 before the
> function call.
> - http://linux.die.net/man/3/strtol
>
> I've reviewed all cases of calls to strtol() in httpd and APR code.
> In some cases no validation is performed after the call.
> In most cases endptr (the second parameter) is checked against the
> beginning and/or ending of the string which does not guarantee against
> numeric overflow.
> In some cases errno is checked for ERANGE.
>
> I've attached a patch for the simplest case, where errno is checked but
> was not set to 0 before the call.
>

Committed to trunk as r1542338; I'll propose for backport to the 2.4.x
branch.


>
> I will consider working up a more extensive patch, if it is desired.
>

I suggest posting a couple of examples of what you found first.


>
> BTW, this discussion is not purely theoretical.
> Erroneous "Invalid ThreadStackSize value: " messages have been witnessed
> in HP-UX environments.
>
> Thanks,
>
> Mike Rumph
>



-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
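
The failure mode discussed in this thread, as an added example (not code from the httpd/APR patch or from either poster). All function names are hypothetical. It contrasts an errno test without a prior reset, an endptr-only test, and a form that clears errno before calling strtol().

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* errno tested but never cleared: a stale ERANGE rejects valid input. */
static int parse_stale_errno(const char *s, long *out)
{
    char *end;
    *out = strtol(s, &end, 10);
    return (errno == ERANGE) ? -1 : 0;
}

/* endptr tested only: overflow is accepted, clamped to LONG_MAX/LONG_MIN. */
static int parse_endptr_only(const char *s, long *out)
{
    char *end;
    *out = strtol(s, &end, 10);
    return (end == s || *end != '\0') ? -1 : 0;
}

/* Clear errno first, then check conversion, trailing text and range. */
static int parse_checked(const char *s, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')   /* no digits, or trailing garbage */
        return -1;
    if (errno == ERANGE)            /* genuine overflow or underflow */
        return -1;
    *out = v;
    return 0;
}

/* Constructed scenario: earlier, unrelated code left errno == ERANGE.
 * which: 0 = stale-errno form, 1 = endptr-only form, 2 = checked form. */
static int demo(int which, const char *s, long *out)
{
    errno = ERANGE;
    if (which == 0) return parse_stale_errno(s, out);
    if (which == 1) return parse_endptr_only(s, out);
    return parse_checked(s, out);
}
```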
