You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Nick Kew <ni...@webthing.com> on 2009/05/22 18:13:31 UTC

DO NOT REPLY [Bug 30586] Apache htdbm utility buffer overflows/format strings

On Fri, 22 May 2009 07:38:16 -0700 (PDT)
bugzilla@apache.org wrote:

[ouch, just replied to bugs@ - sorry]

> https://issues.apache.org/bugzilla/show_bug.cgi?id=30586

> --- Comment #1 from Dan Poirier <po...@pobox.com>  2009-05-22
> 07:38:14 PST --- It looks like this is still a potential issue in
> trunk.

Looks like you're probably right.  But it's not clear to me
why there's a fixed-size buffer there in the first place,
rather than just using the string already allocated in
apr_pstrndup, truncated at the colon if applicable (chunk 1),
and (I haven't checked the other half, but it looks similar).

If noone shouts, I might just hack that.  Bug me if I drop it.

-- 
Nick Kew