Posted to dev@apr.apache.org by Bojan Smojver <bo...@rexursive.com> on 2006/04/17 01:26:02 UTC

Re: svn commit: r394559 - /apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c

On Sun, 2006-04-16 at 21:20 +0000, niq@apache.org wrote:

> --- apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c (original)
> +++ apr/apr-util/branches/1.2.x/dbd/apr_dbd_pgsql.c Sun Apr 16 14:19:59 2006
> @@ -221,7 +221,7 @@
>                                      apr_dbd_t *sql)
>  {
>      size_t len = strlen(arg);
> -    char *ret = apr_palloc(pool, len + 1);
> +    char *ret = apr_palloc(pool, 2*(len + 1));
>      PQescapeString(ret, arg, len);
>      return ret;
>  }
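
Review bot: The new size expression `2*(len + 1)` on the `apr_palloc` line carries no comment explaining the doubling, and it does not match the bound it is meant to satisfy. PQescapeString can emit up to two bytes for every input byte plus a terminating NUL, so the documented minimum for the destination buffer is `2*len + 1`. Writing the allocation as `2 * len + 1` with a one-line comment naming that contract would make it clear why the old `len + 1` buffer could be overrun and would keep a later cleanup from shrinking it again. The multiplication is also unchecked, so a guard on very large `len` before the `apr_palloc` call would stop the size from wrapping.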

Should we be reporting the above as a security problem in Apache 2.2.0
(i.e. a potential heap overflow), given that the code ships with it?

-- 
Bojan