httpd-modules-dev mailing list archives

From Arturo 'Buanzo' Busleiman <bua...@buanzo.com.ar>
Subject Re: Why is r->handler a garbled string?
Date Tue, 30 Dec 2008 20:43:02 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

John David Duncan wrote:
>    if(strcmp(r->handler,my_name)) return DECLINED;

Why aren't you using strncmp?!

Sorry, couldn't help it. I've seen (and exploited) way too many vulns like this.

- --
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJWofWAlpOsGhXcE0RCusdAJ4rGSTzod8vgjrwuwBOiCGcfZTg6wCfWDUY
gcsvk8AaZeWEj7S/AyVrW4A=
=GSRX
-----END PGP SIGNATURE-----
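
The handler-name comparison discussed in this message, as an added example that is not part of the original post or of any httpd module: a stand-alone C program showing how `strcmp`, `strncmp` bounded by `strlen`, and `strncmp` bounded by `sizeof` treat the same inputs. The handler name `my-handler`, the `check_*` function names, the NULL guard and the sample strings are assumptions of this example; `OK` and `DECLINED` are redefined locally with the values httpd.h gives them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OK 0            /* same value as in httpd.h, redefined to build stand-alone */
#define DECLINED (-1)   /* same value as in httpd.h */

/* Hypothetical handler name a module would register. */
static const char my_name[] = "my-handler";

/* Exact match: strcmp compares up to and including the terminating NUL. */
static int check_strcmp(const char *handler)
{
    if (handler == NULL)        /* defensive guard, an assumption of this example */
        return DECLINED;
    return strcmp(handler, my_name) ? DECLINED : OK;
}

/* Bound = strlen(my_name): only the first 10 bytes are compared, so any
 * handler string that merely starts with "my-handler" is accepted. */
static int check_strncmp_strlen(const char *handler)
{
    if (handler == NULL)
        return DECLINED;
    return strncmp(handler, my_name, strlen(my_name)) ? DECLINED : OK;
}

/* Bound = sizeof my_name: the terminator is inside the bound, so this is an
 * exact match again, and at most sizeof my_name bytes of handler are read. */
static int check_strncmp_sizeof(const char *handler)
{
    if (handler == NULL)
        return DECLINED;
    return strncmp(handler, my_name, sizeof my_name) ? DECLINED : OK;
}

int main(void)
{
    /* Constructed inputs: the exact name, a longer name sharing the prefix,
     * and a shorter name. */
    const char *samples[] = { "my-handler", "my-handler-admin", "my-handle" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s strcmp=%2d strncmp/strlen=%2d strncmp/sizeof=%2d\n",
               samples[i], check_strcmp(samples[i]),
               check_strncmp_strlen(samples[i]),
               check_strncmp_sizeof(samples[i]));
    return 0;
}
```
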
