You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pq...@apache.org on 2004/07/10 09:18:50 UTC

cvs commit: httpd-2.0/support ab.c

pquerna     2004/07/10 00:18:50

  Modified:    .        CHANGES
               support  ab.c
  Log:
  Small fix on ab's use of sprintf().
  
  PR: 28204
  Submitted by: Erik Weide <erik.weidel mplus-technologies.de>
  
  Revision  Changes    Path
  1.1534    +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1533
  retrieving revision 1.1534
  diff -u -r1.1533 -r1.1534
  --- CHANGES	10 Jul 2004 03:38:01 -0000	1.1533
  +++ CHANGES	10 Jul 2004 07:18:50 -0000	1.1534
  @@ -2,6 +2,9 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) ab: Handle long URLs with an error instead of an buffer overflow.
  +     PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna]
  +
     *) mod_so, core: Add new command line options to print all loaded
        modules. '-t -D DUMP_MODULES' and '-M' will show all static 
        and shared modules as loaded from the configuration file.
  
  
  
  1.146     +11 -5     httpd-2.0/support/ab.c
  
  Index: ab.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/support/ab.c,v
  retrieving revision 1.145
  retrieving revision 1.146
  diff -u -r1.145 -r1.146
  --- ab.c	29 Jun 2004 13:33:24 -0000	1.145
  +++ ab.c	10 Jul 2004 07:18:50 -0000	1.146
  @@ -313,7 +313,7 @@
   apr_time_t start, endtime;
   
   /* global request (and its length) */
  -char _request[512];
  +char _request[2048];
   char *request = _request;
   apr_size_t reqlen;
   
  @@ -1536,6 +1536,7 @@
       apr_int16_t rv;
       long i;
       apr_status_t status;
  +    int snprintf_res = 0;
   #ifdef NOT_ASCII
       apr_size_t inbytes_left, outbytes_left;
   #endif
  @@ -1570,7 +1571,8 @@
   
       /* setup request */
       if (posting <= 0) {
  -        sprintf(request, "%s %s HTTP/1.0\r\n"
  +        snprintf_res = apr_snprintf(request, sizeof(_request), 
  +            "%s %s HTTP/1.0\r\n"
               "User-Agent: ApacheBench/%s\r\n"
               "%s" "%s" "%s"
               "Host: %s%s\r\n"
  @@ -1583,7 +1585,8 @@
               cookie, auth, host_field, colonhost, hdrs);
       }
       else {
  -        sprintf(request, "POST %s HTTP/1.0\r\n"
  +        snprintf_res = apr_snprintf(request,  sizeof(_request),
  +            "POST %s HTTP/1.0\r\n"
               "User-Agent: ApacheBench/%s\r\n"
               "%s" "%s" "%s"
               "Host: %s%s\r\n"
  @@ -1598,6 +1601,9 @@
               cookie, auth,
               host_field, colonhost, postlen,
               (content_type[0]) ? content_type : "text/plain", hdrs);
  +    }
  +    if (snprintf_res >= sizeof(_request)) {
  +        err("Request too long\n");
       }
   
       if (verbosity >= 2)