tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: cvs commit: jakarta-tomcat-connectors/jk/xdocs/jk workershowto.xml
Date Fri, 03 Jan 2003 11:52:43 GMT
wname is the worker name. This name is the name of the worker as defined 
in the JK property config file. Eg:

worker.tomcat1.host=localhost
        ^^^^^^^

For example above: tomcat1 is the worker name.

If someone were to attempt a buffer overflow, they would need write 
access to the Jk config file. (Then have enough permission/patience 
until apache is restarted).

I do not think this is a problem (except for the admin of the box).

-Tim


Jerome Lacoste (Frisurf) wrote:
>>                        const char *wname) {
>>  +    int rc = JK_TRUE;
>>  +    char buf[1024];
>>  +    if (m && wname) {
>>  +        int value;
>>  +        sprintf(buf, "%s.%s.%s", PREFIX_OF_WORKER, wname, STICKY_SESSION);
> 
> 
> Seeing that checkin I got curious and I had a look at the code. 
> I saw that this sprintf is used a lot in that way. Was wondering if
> there was a way to pass some parameters to overflow the buffer.
> Especially if the name comes from a property read from a file. I didn't
> see any special protection checking the length of the parameters, wname
> in that case.
> 
> Am I wrong?
> 
> J.
> 
> 
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
> 
> 
> 


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message