tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: svn commit: r1187916 - in /tomcat/jk/trunk: native/iis/jk_isapi_plugin.c xdocs/miscellaneous/changelog.xml
Date Tue, 25 Oct 2011 19:57:00 GMT
Rainer,

On 10/25/2011 3:37 PM, Rainer Jung wrote:
> On 25.10.2011 20:07, Christopher Schultz wrote:
>> Rainer,
>>
>> On 10/23/2011 12:19 PM, rjung@apache.org wrote:
>>> +static const char *find_path_in_uri(const char *uri, const char
>>> *path) +{ +    size_t len = strlen(path); +    while (uri =
>>> strchr(uri, '/')) { +        uri++; +        if (!strncmp(uri,
>>> path, len) && +            (*(uri + len) == '/' || +
>>> strlen(uri) == len)) { +            return uri; +        } +
>>> }
>>
>> Also, 'len' is never updated in the loop, so the call to strncmp
>> could potentially cause a SIGSEGV -- but only in the cases where
>> something truly nefarious is going on, anyway.
> 
> Hmmm, I don't get that: path isn't changed, strncmp() will never
> compare beyond terminating '0', and uri+len must be inside uri if
> length of path is len, and uri and path coincide for len chars.

Yeah, I'm re-thinking my assertion: the code is probably safe.

On the other hand, why bother using strNcmp instead of just strcmp given
that you are trusting 'path' to be clean already. I guess there's no
reason NOT to use strNcmp when you have a choice.

> Of course *(uri+len) could be '0', but that's OK.

Also nevermind about the // : strchr returns a pointer, not an index. :(

-chris


Mime
View raw message