httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evgeny Kotkov <>
Subject [PATCH] mod_http2: fix undefined behavior with LogLevel trace
Date Fri, 10 Jun 2016 14:20:27 GMT
This patch fixes an instance of undefined behavior in mod_http2 with
LogLevel >= trace2.

Please see the h2_h2_process_conn() function in h2_h2.c:631.  The
call to ap_log_cerror() passes a pointer to a non-null terminated buffer
while specifying %s in the format string.  This causes an out-of-bounds
access, and the behavior is undefined:

  h2_h2.c(631): [client] h2_h2, not detected in 24
  bytes: GET /Azimuthal_equidista\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd

I attached the patch with a fix for this issue.

Evgeny Kotkov

View raw message