You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Zvi Har'El <rl...@math.technion.ac.il> on 2001/10/29 14:23:15 UTC

[patch] Truncated port number in Via:

Hi,

In the latest CVS snapshot of apache2, proxy_http.c has a bug, in the function
ap_proxy_http_determine_connection(), which, among other things, prepares the
string server_portstr which is used in the Via header. The line which
prepares this string is

 apr_snprintf(server_portstr, sizeof(server_portstr), ":%d", server_port);

This could have been OK, if server_portstr was a character array. However,
server_portstr is a character pointer (it is a formal parameter of this
function), and there for its size is 4 (at least on a 32 bits machine), which
truncates the port number to the first two digits! E.g, if the port number is
8443, the result is ":84" (with a null byte). In the calling function,
ap_proxy_http_handler, server_portstr is really defined as a 32 bytes character
array, but this doesn't help here! It is easy to fix, of-course, e.g, by adding
another formal parameter for the size of the string, and fixing the call.

This is a (tested) patch which does that:


--- proxy_http.c~	Sun Oct 14 23:50:23 2001
+++ proxy_http.c	Mon Oct 29 15:17:12 2001
@@ -194,7 +194,8 @@
                                                 char **url,
                                                 const char *proxyname,
                                                 apr_port_t proxyport,
-                                                char *server_portstr) {
+                                                char *server_portstr,
+						int server_portstr_size) {
     int server_port;
     apr_status_t err;
     apr_sockaddr_t *uri_addr;
@@ -253,7 +254,7 @@
         if (ap_is_default_port(server_port, r)) {
             strcpy(server_portstr,"");
         } else {
-            apr_snprintf(server_portstr, sizeof(server_portstr), ":%d",
+            apr_snprintf(server_portstr, server_portstr_size, ":%d",
                          server_port);
         }
     }
@@ -940,7 +941,8 @@
     /* Step One: Determine Who To Connect To */
     status = ap_proxy_http_determine_connection(p, r, p_conn, c, conf, uri,
                                                 &url, proxyname, proxyport,
-                                                server_portstr);
+						server_portstr,
+						sizeof(server_portstr));
     if ( status != OK ) {
         return status;
     }

Best,

Zvi.


-- 
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathematics
tel:+972-54-227607                   Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                             Monday, 12 Heshvan 5762, 29 October 2001,  3:00PM

Re: [patch] Truncated port number in Via:

Posted by Aaron Bannert <aa...@clove.org>.

On Mon, Oct 29, 2001 at 03:35:56PM +0200, Zvi Har'El wrote:
> On Mon, 29 Oct 2001, Zvi Har'El wrote:
> 
> > In the latest CVS snapshot of apache2, proxy_http.c has a bug, in the function
> > ap_proxy_http_determine_connection(), which, among other things, prepares the
> > string server_portstr which is used in the Via header.
> > prepares this string is
> ...
> > This is a (tested) patch which does that:
> >
> To eliminate any douts, here is the patch as a unified CVS diff:

Committed, thanks!

-aaron

Re: [patch] Truncated port number in Via:

Posted by Zvi Har'El <rl...@math.technion.ac.il>.

On Mon, 29 Oct 2001, Zvi Har'El wrote:

> In the latest CVS snapshot of apache2, proxy_http.c has a bug, in the function
> ap_proxy_http_determine_connection(), which, among other things, prepares the
> string server_portstr which is used in the Via header.
> prepares this string is
...
> This is a (tested) patch which does that:
>
To eliminate any douts, here is the patch as a unified CVS diff:


Index: proxy_http.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/proxy/proxy_http.c,v
retrieving revision 1.104
diff -u -r1.104 proxy_http.c
--- proxy_http.c	2001/10/14 20:41:00	1.104
+++ proxy_http.c	2001/10/29 13:22:18
@@ -194,7 +194,8 @@
                                                 char **url,
                                                 const char *proxyname,
                                                 apr_port_t proxyport,
-                                                char *server_portstr) {
+                                                char *server_portstr,
+						int server_portstr_size) {
     int server_port;
     apr_status_t err;
     apr_sockaddr_t *uri_addr;
@@ -253,7 +254,7 @@
         if (ap_is_default_port(server_port, r)) {
             strcpy(server_portstr,"");
         } else {
-            apr_snprintf(server_portstr, sizeof(server_portstr), ":%d",
+            apr_snprintf(server_portstr, server_portstr_size, ":%d",
                          server_port);
         }
     }
@@ -940,7 +941,8 @@
     /* Step One: Determine Who To Connect To */
     status = ap_proxy_http_determine_connection(p, r, p_conn, c, conf, uri,
                                                 &url, proxyname, proxyport,
-                                                server_portstr);
+						server_portstr,
+						sizeof(server_portstr));
     if ( status != OK ) {
         return status;
     }

-- 
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathematics
tel:+972-54-227607                   Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                             Monday, 12 Heshvan 5762, 29 October 2001,  3:32PM