tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Webster, Chris" <Chris_Webs...@bmc.com>
Subject jk/native/common/jk_uri_worker_map.c Efficiency in map_uri_to_worker()?
Date Tue, 05 Jun 2007 22:15:10 GMT
The code change was brought to my attention by sans.org (for
vulnerability CVE 2007-0774).  No offense intended but the fix seems a
little inefficient.

It shows the fix coded as:

for (i = 0; i < strlen(uri); i++) {
        if (i == JK_MAX_URI_LEN) {
            jk_log(l, JK_LOG_WARNING,
                   "Uri %s is invalid. Uri must be smaller then %d
chars",
                   uri, JK_MAX_URI_LEN);
            JK_TRACE_EXIT(l);
            return NULL;
        }
        if (uri[i] == ';')
            break;
        else
            url[i] = uri[i];
    }

Wouldn't it be better to be coded as something like this?

int uriLen = strlen( uri );
if ( uriLen >= JK_MAX_URI_LEN) {
   jk_log(l, JK_LOG_WARNING,
         "Uri %s is invalid. Uri must be smaller then %d chars",
          uri, JK_MAX_URI_LEN);
     JK_TRACE_EXIT(l);
     return NULL;
}
 
for (i = 0; i < uriLen; i++) {
        if (uri[i] == ';')
            break;
        else
            url[i] = uri[i];
    }

The check would then only be done once instead of for each character.
Not sure about logging the whole thing either but I'm just an observer.

Sorry but I'm not ready to dive in and make the change myself at this
time.

...chris.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message