tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: svn commit: r1187916 - in /tomcat/jk/trunk: native/iis/jk_isapi_plugin.c xdocs/miscellaneous/changelog.xml
Date Tue, 25 Oct 2011 19:37:36 GMT
On 25.10.2011 20:07, Christopher Schultz wrote:
> Rainer,
> 
> On 10/23/2011 12:19 PM, rjung@apache.org wrote:
>> +static const char *find_path_in_uri(const char *uri, const char
>> *path) +{ +    size_t len = strlen(path); +    while (uri =
>> strchr(uri, '/')) { +        uri++; +        if (!strncmp(uri,
>> path, len) && +            (*(uri + len) == '/' || +
>> strlen(uri) == len)) { +            return uri; +        } +
>> }
> 
> Also, 'len' is never updated in the loop, so the call to strncmp
> could potentially cause a SIGSEGV -- but only in the cases where
> something truly nefarious is going on, anyway.

Hmmm, I don't get that: path isn't changed, strncmp() will never
compare beyond terminating '0', and uri+len must be inside uri if
length of path is len, and uri and path coincide for len chars. Of
course *(uri+len) could be '0', but that's OK.

Regards,

Rainer


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message