Posted to cvs@httpd.apache.org by rj...@apache.org on 2010/02/14 22:36:04 UTC
svn commit: r910079 - /httpd/httpd/trunk/modules/proxy/proxy_util.c
Author: rjung
Date: Sun Feb 14 21:36:03 2010
New Revision: 910079
URL: http://svn.apache.org/viewvc?rev=910079&view=rev
Log:
Limit sscanf format to the number of chars actually
needed and buffer size provided to prevent buffer overflow.
Modified:
httpd/httpd/trunk/modules/proxy/proxy_util.c
Modified: httpd/httpd/trunk/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?rev=910079&r1=910078&r2=910079&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/trunk/modules/proxy/proxy_util.c Sun Feb 14 21:36:03 2010
@@ -2342,21 +2342,22 @@
/* Check for HTTP_OK response status */
if (status == APR_SUCCESS) {
int major, minor;
- char code_str[10];
+ /* Only scan for three character status code */
+ char code_str[4];
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"send_http_connect: response from the forward proxy: %s",
buffer);
/* Extract the returned code */
- if (sscanf(buffer, "HTTP/%u.%u %s", &major, &minor, code_str) == 3) {
+ if (sscanf(buffer, "HTTP/%u.%u %3s", &major, &minor, code_str) == 3) {
status = atoi(code_str);
if (status == HTTP_OK) {
status = APR_SUCCESS;
}
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "send_http_connect: the forward proxy returned code is %s",
+ "send_http_connect: the forward proxy returned code is '%s'",
code_str);
status = APR_INCOMPLETE;
}
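Review bot: The `%3s` width on the new sscanf line bounds the write into `code_str[4]`, but it also turns the status check into a prefix match: a status token longer than three characters (constructed example: `2000`) is now truncated to `200`, and `atoi` then reports HTTP_OK, whereas the old code would have produced a different number and taken the error branch. Consider also consuming the character after the code and requiring it to be whitespace, e.g. `char next = ' ';` with `sscanf(buffer, "HTTP/%u.%u %3s%c", &major, &minor, code_str, &next) >= 3 && apr_isspace(next)`, so an over-long or malformed code from the forward proxy is rejected rather than accepted. Separately, `%u` is given `int *` arguments in the same call; declaring `unsigned int major, minor;` makes the conversion specifiers match the pointer types. The enclosing function begins and ends outside this hunk, so how `buffer` is filled and terminated could not be checked from here.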