Posted to dev@apr.apache.org by Bojan Smojver <bo...@rexursive.com> on 2006/04/17 01:26:02 UTC
Re: svn commit: r394559 - /apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c
On Sun, 2006-04-16 at 21:20 +0000, niq@apache.org wrote:
> --- apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c (original)
> +++ apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c Sun Apr 16 14:19:59 2006
> @@ -221,7 +221,7 @@
> apr_dbd_t *sql)
> {
> size_t len = strlen(arg);
> - char *ret = apr_palloc(pool, len + 1);
> + char *ret = apr_palloc(pool, 2*(len + 1));
> PQescapeString(ret, arg, len);
> return ret;
> }
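Review bot: the new allocation on the `+` line, `2*(len + 1)`, carries no comment saying where the factor comes from. PQescapeString can write up to two bytes per input byte plus the terminating NUL, so libpq requires the destination to hold at least `2*len + 1` bytes; the removed `len + 1` was too small whenever `arg` contained a character that needs escaping. Suggest writing the size as `2*len + 1` with a one-line comment citing that requirement, so the expression matches the documented rule and a later cleanup does not shrink it back.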
Should we be reporting the above as a security problem in Apache 2.2.0
(i.e. a potential heap overflow), given that the code ships with it?
--
Bojan