httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Farber" <>
Subject Ap1: Reading POST-requests buggy? (not 0-terminated)
Date Fri, 19 Oct 2007 08:49:27 GMT

the libapreq calls util_read() function -
which allocates a buffer with (r->remaining + 1) bytes.

Then it reads up to r->remaining bytes by calling
ap_get_client_block() and memcpy() repeatedly.

Neither util_read(), nor ap_get_client_block()
insert a terminating 0 at the end of the buffer.

After that the buffer is passed to split_to_parms()
which calls ap_getword() repeatedly.

So, is it a bug please? Does it maybe only work
because web clients are nice enough to send
a terminating 0 at the end of their POST requests?

Thank you
Alex (a proud owner of Doug's and Nick's books)


View raw message