httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evgeny Kotkov <evgeny.kot...@visualsvn.com>
Subject [PATCH] mod_http2: fix undefined behavior with LogLevel trace
Date Fri, 10 Jun 2016 14:20:27 GMT
This patch fixes an instance of undefined behavior in mod_http2 with
LogLevel >= trace2.

Please see the h2_h2_process_conn() function in h2_h2.c:631.  The
call to ap_log_cerror() passes a pointer to a non-null terminated buffer
while specifying %s in the format string.  This causes an out-of-bounds
access, and the behavior is undefined:

  h2_h2.c(631): [client 127.0.0.1:22398] h2_h2, not detected in 24
  bytes: GET /Azimuthal_equidista\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd
  \xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd...

I attached the patch with a fix for this issue.


Regards,
Evgeny Kotkov

Mime
View raw message