You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pq...@apache.org on 2004/07/10 09:18:50 UTC
cvs commit: httpd-2.0/support ab.c
pquerna 2004/07/10 00:18:50
Modified: . CHANGES
support ab.c
Log:
Small fix on ab's use of sprintf().
PR: 28204
Submitted by: Erik Weide <erik.weidel mplus-technologies.de>
Revision Changes Path
1.1534 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1533
retrieving revision 1.1534
diff -u -r1.1533 -r1.1534
--- CHANGES 10 Jul 2004 03:38:01 -0000 1.1533
+++ CHANGES 10 Jul 2004 07:18:50 -0000 1.1534
@@ -2,6 +2,9 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) ab: Handle long URLs with an error instead of an buffer overflow.
+ PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna]
+
*) mod_so, core: Add new command line options to print all loaded
modules. '-t -D DUMP_MODULES' and '-M' will show all static
and shared modules as loaded from the configuration file.
1.146 +11 -5 httpd-2.0/support/ab.c
Index: ab.c
===================================================================
RCS file: /home/cvs/httpd-2.0/support/ab.c,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -r1.145 -r1.146
--- ab.c 29 Jun 2004 13:33:24 -0000 1.145
+++ ab.c 10 Jul 2004 07:18:50 -0000 1.146
@@ -313,7 +313,7 @@
apr_time_t start, endtime;
/* global request (and its length) */
-char _request[512];
+char _request[2048];
char *request = _request;
apr_size_t reqlen;
@@ -1536,6 +1536,7 @@
apr_int16_t rv;
long i;
apr_status_t status;
+ int snprintf_res = 0;
#ifdef NOT_ASCII
apr_size_t inbytes_left, outbytes_left;
#endif
@@ -1570,7 +1571,8 @@
/* setup request */
if (posting <= 0) {
- sprintf(request, "%s %s HTTP/1.0\r\n"
+ snprintf_res = apr_snprintf(request, sizeof(_request),
+ "%s %s HTTP/1.0\r\n"
"User-Agent: ApacheBench/%s\r\n"
"%s" "%s" "%s"
"Host: %s%s\r\n"
@@ -1583,7 +1585,8 @@
cookie, auth, host_field, colonhost, hdrs);
}
else {
- sprintf(request, "POST %s HTTP/1.0\r\n"
+ snprintf_res = apr_snprintf(request, sizeof(_request),
+ "POST %s HTTP/1.0\r\n"
"User-Agent: ApacheBench/%s\r\n"
"%s" "%s" "%s"
"Host: %s%s\r\n"
@@ -1598,6 +1601,9 @@
cookie, auth,
host_field, colonhost, postlen,
(content_type[0]) ? content_type : "text/plain", hdrs);
+ }
+ if (snprintf_res >= sizeof(_request)) {
+ err("Request too long\n");
}
if (verbosity >= 2)