tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r551809 - /tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c
Date Fri, 29 Jun 2007 06:32:27 GMT
Author: mturk
Date: Thu Jun 28 23:32:27 2007
New Revision: 551809

URL: http://svn.apache.org/viewvc?view=rev&rev=551809
Log:
Fix potential overflow. The actual encoded string length is strlen + 3 (Two bytes for len
and one '\0')

Modified:
    tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c

Modified: tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c?view=diff&rev=551809&r1=551808&r2=551809
==============================================================================
--- tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c Thu Jun 28 23:32:27 2007
@@ -173,7 +173,7 @@
     }
 
     len = (unsigned short)strlen(param);
-    if (msg->len + len + 2 > msg->maxlen) {
+    if (msg->len + len + 3 > msg->maxlen) {
         return -1;
     }
 
@@ -181,7 +181,7 @@
     jk_b_append_int(msg, len);
 
     /* We checked for space !!  */
-    strncpy((char *)msg->buf + msg->len, param, len + 1);       /* including \0 */
+    memcpy(msg->buf + msg->len, param, len + 1); /* including \0 */
 #if (defined(AS400) && !defined(AS400_UTF8)) || defined(_OSD_POSIX)
     /* convert from EBCDIC if needed */
     jk_xlate_to_ascii((char *)msg->buf + msg->len, len + 1);



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message