tomcat-dev mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: svn commit: r1187916 - in /tomcat/jk/trunk: native/iis/jk_isapi_plugin.c xdocs/miscellaneous/changelog.xml
Date Tue, 25 Oct 2011 18:07:28 GMT
Rainer,

On 10/23/2011 12:19 PM, rjung@apache.org wrote:
> +static const char *find_path_in_uri(const char *uri, const char *path)
> +{
> +    size_t len = strlen(path);
> +    while (uri = strchr(uri, '/')) {
> +        uri++;
> +        if (!strncmp(uri, path, len) &&
> +            (*(uri + len) == '/' ||
> +             strlen(uri) == len)) {
> +            return uri;
> +        }
> +    }
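
Review bot: an empty path is not handled at `if (!strncmp(uri, path, len) &&`: with len == 0 strncmp returns 0 at every position, so the function returns at the first '/' that is followed by another '/' or by the end of the string. If callers can pass an empty path, return early when len is 0. Two smaller points on the same lines: `strlen(uri) == len` rescans the rest of the URI for each candidate, and once strncmp has matched all len characters of path, `uri[len] == '\0'` tests the same condition; and `while (uri = strchr(uri, '/'))` reads like a typo for `==` and draws compiler warnings, so `while ((uri = strchr(uri, '/')) != NULL)` is clearer. A one-line comment saying the function returns a pointer to the matching segment inside uri would also help.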

Also, 'len' is never updated in the loop, so the call to strncmp could
potentially cause a SIGSEGV -- but only in the cases where something
truly nefarious is going on, anyway.

-chris

