From: Jeff Trawick
To: Apache HTTP Server Development List
Subject: Re: False positive errno test after call to strtol()
Date: Fri, 15 Nov 2013 12:38:29 -0500
In-Reply-To: <52853C6E.5070802@oracle.com>

On Thu, Nov 14, 2013 at 4:11 PM, Mike Rumph wrote:

> The man page for strtol() indicates that the function can set errno to
> ERANGE (EINVAL is also possible for some environments).
> But for the errno check to be valid errno should be set to 0 before the
> function call.
> - http://linux.die.net/man/3/strtol
>
> I've reviewed all cases of calls to strtol() in httpd and APR code.
> In some cases no validation is performed after the call.
> In most cases endptr (the second parameter) is checked against the
> beginning and/or ending of the string which does not guarantee against
> numeric overflow.
> In some cases errno is checked for ERANGE.
>
> I've attached a patch for the simplest case, where errno is checked but
> was not set to 0 before the call.

Committed to trunk as r1542338; I'll propose for backport to the 2.4.x branch.

> I will consider working up a more extensive patch, if it is desired.

I suggest posting a couple of examples of what you found first.

> BTW, this discussion is not purely theoretical.
> Erroneous "Invalid ThreadStackSize value: " messages have been witnessed
> in HP-UX environments.
>
> Thanks,
>
> Mike Rumph

--
Born in Roswell... married an alien...
http://emptyhammock.com/
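The errno behaviour discussed in this thread, as an added example that is not part of the original messages and is not the httpd/APR code or the r1542338 patch: it puts the flawed check beside the corrected one. The function names, return codes and the input value 65536 are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum { PARSE_OK = 0, PARSE_INVALID = -1, PARSE_RANGE = -2 };

/* Flawed pattern from the thread: errno is tested but never reset, so an
 * ERANGE left behind by any earlier call is blamed on this conversion. */
int parse_stale_errno(const char *s, long *out)
{
    char *end;
    long v = strtol(s, &end, 10);

    if (end == s || *end != '\0')
        return PARSE_INVALID;
    if (errno == ERANGE)
        return PARSE_RANGE;
    *out = v;
    return PARSE_OK;
}

/* Corrected pattern: clear errno first, then check both endptr and errno.
 * Dropping the errno test would accept an overflow as LONG_MAX/LONG_MIN. */
int parse_strict(const char *s, long *out)
{
    char *end;
    long v;

    errno = 0;                     /* strtol() does not clear errno on success */
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')
        return PARSE_INVALID;      /* no digits, or trailing characters */
    if (errno == ERANGE)
        return PARSE_RANGE;        /* result was clamped */
    *out = v;
    return PARSE_OK;
}

int main(void)
{
    long v = 0;
    int rc;

    strtol("99999999999999999999999999", NULL, 10);  /* leaves errno == ERANGE */
    printf("stale errno: %d\n", parse_stale_errno("65536", &v)); /* constructed input */
    rc = parse_strict("65536", &v);
    printf("strict: %d (value %ld)\n", rc, v);
    printf("overflow: %d\n", parse_strict("99999999999999999999999999", &v));
    return 0;
}
```

The stale-errno variant rejects a valid value only when an unrelated earlier call happened to fail, which is why the symptom appears on some platforms and code paths and not others.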