tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerome "Lacoste (Frisurf)" <lacos...@frisurf.no>
Subject Re: cvs commit: jakarta-tomcat-connectors/jk/xdocs/jk workershowto.xml
Date Fri, 03 Jan 2003 10:05:48 GMT
>                         const char *wname) {
>   +    int rc = JK_TRUE;
>   +    char buf[1024];
>   +    if (m && wname) {
>   +        int value;
>   +        sprintf(buf, "%s.%s.%s", PREFIX_OF_WORKER, wname, STICKY_SESSION);

Seeing that checkin I got curious and I had a look at the code. 
I saw that this sprintf is used a lot in that way. Was wondering if
there was a way to pass some parameters to overflow the buffer.
Especially if the name comes from a property read from a file. I didn't
see any special protection checking the length of the parameters, wname
in that case.

Am I wrong?

J.




--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message