Posted to dev@httpd.apache.org by Nick Kew <ni...@webthing.com> on 2009/05/22 18:13:31 UTC
DO NOT REPLY [Bug 30586] Apache htdbm utility buffer overflows/format strings
On Fri, 22 May 2009 07:38:16 -0700 (PDT)
bugzilla@apache.org wrote:
[ouch, just replied to bugs@ - sorry]
> https://issues.apache.org/bugzilla/show_bug.cgi?id=30586
> --- Comment #1 from Dan Poirier <po...@pobox.com> 2009-05-22
> 07:38:14 PST --- It looks like this is still a potential issue in
> trunk.
Looks like you're probably right. But it's not clear to me
why there's a fixed-size buffer there in the first place,
rather than just using the string already allocated in
apr_pstrndup, truncated at the colon if applicable (chunk 1),
and (I haven't checked the other half, but it looks similar).
If no one shouts, I might just hack that. Bug me if I drop it.
--
Nick Kew
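
The approach suggested in the message above (work on the already-duplicated string and cut it at the colon, instead of copying into a fixed-size buffer), as an added example that is not htdbm's code and not part of the original mail. Assumptions: `dup_n` is a malloc-based stand-in for `apr_pstrndup` so the block builds without APR, and `split_at_colon` and the sample record are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for apr_pstrndup(): copy at most n bytes of s and NUL-terminate.
 * Assumption: malloc replaces the APR pool so this builds without APR. */
static char *dup_n(const char *s, size_t n)
{
    size_t len = 0;
    while (len < n && s[len] != '\0')
        len++;
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

/* Hypothetical helper: duplicate a "name:rest" record of known length and
 * truncate the copy at the first colon. The copy is sized from the input,
 * so no fixed-size destination exists to overrun, however long the record.
 * *rest points just past the colon inside the copy, or is NULL if no colon.
 * The caller frees the returned pointer (rest is not freed separately). */
char *split_at_colon(const char *rec, size_t rec_len, char **rest)
{
    char *copy = dup_n(rec, rec_len);
    if (copy == NULL)
        return NULL;
    char *colon = strchr(copy, ':');
    if (colon != NULL) {
        *colon = '\0';      /* truncate in place at the colon */
        *rest = colon + 1;
    } else {
        *rest = NULL;       /* whole record is the name */
    }
    return copy;
}

int main(void)
{
    char *rest = NULL;
    /* Constructed sample record, 25 bytes long. */
    char *name = split_at_colon("alice:constructed comment", 25, &rest);
    if (name == NULL)
        return 1;
    printf("name=%s rest=%s\n", name, rest ? rest : "(none)");
    free(name);
    return 0;
}
```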