You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Zvi Har'El <rl...@math.technion.ac.il> on 2001/10/29 14:23:15 UTC
[patch] Truncated port number in Via:
Hi,
In the latest CVS snapshot of apache2, proxy_http.c has a bug, in the function
ap_proxy_http_determine_connection(), which, among other things, prepares the
string server_portstr which is used in the Via header. The line which
prepares this string is
apr_snprintf(server_portstr, sizeof(server_portstr), ":%d", server_port);
This could have been OK, if server_portstr was a character array. However,
server_portstr is a character pointer (it is a formal parameter of this
function), and there for its size is 4 (at least on a 32 bits machine), which
truncates the port number to the first two digits! E.g, if the port number is
8443, the result is ":84" (with a null byte). In the calling function,
ap_proxy_http_handler, server_portstr is really defined as a 32 bytes character
array, but this doesn't help here! It is easy to fix, of-course, e.g, by adding
another formal parameter for the size of the string, and fixing the call.
This is a (tested) patch which does that:
--- proxy_http.c~ Sun Oct 14 23:50:23 2001
+++ proxy_http.c Mon Oct 29 15:17:12 2001
@@ -194,7 +194,8 @@
char **url,
const char *proxyname,
apr_port_t proxyport,
- char *server_portstr) {
+ char *server_portstr,
+ int server_portstr_size) {
int server_port;
apr_status_t err;
apr_sockaddr_t *uri_addr;
@@ -253,7 +254,7 @@
if (ap_is_default_port(server_port, r)) {
strcpy(server_portstr,"");
} else {
- apr_snprintf(server_portstr, sizeof(server_portstr), ":%d",
+ apr_snprintf(server_portstr, server_portstr_size, ":%d",
server_port);
}
}
@@ -940,7 +941,8 @@
/* Step One: Determine Who To Connect To */
status = ap_proxy_http_determine_connection(p, r, p_conn, c, conf, uri,
&url, proxyname, proxyport,
- server_portstr);
+ server_portstr,
+ sizeof(server_portstr));
if ( status != OK ) {
return status;
}
Best,
Zvi.
--
Dr. Zvi Har'El mailto:rl@math.technion.ac.il Department of Mathematics
tel:+972-54-227607 Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
Monday, 12 Heshvan 5762, 29 October 2001, 3:00PM
Re: [patch] Truncated port number in Via:
Posted by Aaron Bannert <aa...@clove.org>.
On Mon, Oct 29, 2001 at 03:35:56PM +0200, Zvi Har'El wrote:
> On Mon, 29 Oct 2001, Zvi Har'El wrote:
>
> > In the latest CVS snapshot of apache2, proxy_http.c has a bug, in the function
> > ap_proxy_http_determine_connection(), which, among other things, prepares the
> > string server_portstr which is used in the Via header.
> > prepares this string is
> ...
> > This is a (tested) patch which does that:
> >
> To eliminate any douts, here is the patch as a unified CVS diff:
Committed, thanks!
-aaron
Re: [patch] Truncated port number in Via:
Posted by Zvi Har'El <rl...@math.technion.ac.il>.
On Mon, 29 Oct 2001, Zvi Har'El wrote:
> In the latest CVS snapshot of apache2, proxy_http.c has a bug, in the function
> ap_proxy_http_determine_connection(), which, among other things, prepares the
> string server_portstr which is used in the Via header.
> prepares this string is
...
> This is a (tested) patch which does that:
>
To eliminate any douts, here is the patch as a unified CVS diff:
Index: proxy_http.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/proxy/proxy_http.c,v
retrieving revision 1.104
diff -u -r1.104 proxy_http.c
--- proxy_http.c 2001/10/14 20:41:00 1.104
+++ proxy_http.c 2001/10/29 13:22:18
@@ -194,7 +194,8 @@
char **url,
const char *proxyname,
apr_port_t proxyport,
- char *server_portstr) {
+ char *server_portstr,
+ int server_portstr_size) {
int server_port;
apr_status_t err;
apr_sockaddr_t *uri_addr;
@@ -253,7 +254,7 @@
if (ap_is_default_port(server_port, r)) {
strcpy(server_portstr,"");
} else {
- apr_snprintf(server_portstr, sizeof(server_portstr), ":%d",
+ apr_snprintf(server_portstr, server_portstr_size, ":%d",
server_port);
}
}
@@ -940,7 +941,8 @@
/* Step One: Determine Who To Connect To */
status = ap_proxy_http_determine_connection(p, r, p_conn, c, conf, uri,
&url, proxyname, proxyport,
- server_portstr);
+ server_portstr,
+ sizeof(server_portstr));
if ( status != OK ) {
return status;
}
--
Dr. Zvi Har'El mailto:rl@math.technion.ac.il Department of Mathematics
tel:+972-54-227607 Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
Monday, 12 Heshvan 5762, 29 October 2001, 3:32PM