httpd-modules-dev mailing list archives

From "Alexander Farber" <alexander.far...@gmail.com>
Subject Ap1: Reading POST-requests buggy? (not 0-terminated)
Date Fri, 19 Oct 2007 08:49:27 GMT
Hello,

libapreq calls the util_read() function -
http://search.cpan.org/src/DOUGM/libapreq-0.31/c/apache_request.c
which allocates a buffer with (r->remaining + 1) bytes.

Then it reads up to r->remaining bytes by calling
ap_get_client_block() and memcpy() repeatedly.

Neither util_read() nor ap_get_client_block()
inserts a terminating 0 at the end of the buffer.

After that the buffer is passed to split_to_parms()
which calls ap_getword() repeatedly.

So, is it a bug please? Does it maybe only work
because web clients are nice enough to send
a terminating 0 at the end of their POST requests?

Thank you
Alex (a proud owner of Doug's and Nick's books)

-- 
http://preferans.de
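
The pattern the message asks about, as an added example that is not part of the original post and is not libapreq or Apache code: a buffer of declared-length + 1 bytes is filled by repeated chunk reads and then handed to a splitter that stops only at a NUL. The names body_src, read_chunk, read_body and count_fields are hypothetical, the input is constructed, and the memset stands in for an allocator that does not zero memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the client connection; not the Apache API. */
struct body_src { const char *data; size_t len, pos; };

/* Hypothetical chunk reader: copies up to cap bytes, returns 0 at end of input. */
static size_t read_chunk(struct body_src *s, char *out, size_t cap) {
    size_t n = s->len - s->pos;
    if (n > cap) n = cap;
    memcpy(out, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Read a body whose declared length is `remaining` into remaining + 1 bytes. */
char *read_body(struct body_src *s, size_t remaining, size_t *got) {
    char chunk[8], *buf = malloc(remaining + 1);
    size_t used = 0, n;
    if (buf == NULL) return NULL;
    memset(buf, 'X', remaining + 1);   /* stand-in for memory that is not zeroed */
    while (used < remaining && (n = read_chunk(s, chunk, sizeof chunk)) > 0) {
        if (n > remaining - used) n = remaining - used;  /* never overrun */
        memcpy(buf + used, chunk, n);
        used += n;
    }
    buf[used] = '\0';   /* terminate at bytes received, not bytes declared */
    *got = used;
    return buf;
}

/* Count '&'-separated fields as a C-string splitter would: stop only at NUL. */
size_t count_fields(const char *buf) {
    size_t n = (*buf != '\0');
    for (; *buf != '\0'; buf++)
        if (*buf == '&') n++;
    return n;
}

int main(void) {
    struct body_src partial = { "a=1&b", 5, 0 };  /* constructed: 5 of 14 declared bytes */
    size_t got;
    char *b = read_body(&partial, 14, &got);
    if (b == NULL) return 1;
    printf("%zu bytes, %zu fields\n", got, count_fields(b));
    free(b);
    return 0;
}
```

Without the explicit `buf[used] = '\0'`, the splitter's stopping point would depend on whatever the allocator left in the buffer, which matters most when the client sends fewer bytes than it declared.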
