Posted to dev@httpd.apache.org by Brian Behlendorf <br...@hyperreal.org> on 1998/05/04 06:09:24 UTC

security fixes in 1.2.5's proxy_util?

So in STATUS we have:

    * proxy security fixes from 1.2.5 need to be brought forward
       Jim: What are these?

The only security-related fix I can see in the 1.2.x series in the proxy
code is from proxy_util.c:

  http://www.apache.org/websrc/cvsweb.cgi/apache-1.2/src/modules/proxy/proxy_util.c.diff?r1=1.17&r2=1.17.2.1

In which we see the following code snippet introduced:

+    if (strlen(x)+1 < 30) {
+        x = palloc(p, 30);
+    }
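
Review bot: the condition on the first added line infers the capacity of x from strlen(x)+1, which holds only if x was allocated to fit its current contents exactly, and the literal 30 appears twice with no name or comment saying what needs 30 bytes. Since x = palloc(p, 30) replaces the pointer without copying the old contents, either allocate unconditionally or add a comment stating what is written into x afterwards, and give the size a named constant.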

Yet in 1.3's proxy_util.c we see:

    if (strlen(x) < 30)
        x = ap_palloc(p, 30);

I have a hunch that the 1.2.5 code is correct, and the 1.3 code has an
off-by-one error, since strlen() doesn't count the null at the end of the
string, whereas it's necessary to count it for palloc() and snprintf().
But then again I'm not sure why we're measuring it if we're just trashing
it later.... do we even need that if()?

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
pure chewing satisfaction                                  brian@apache.org
                                                        brian@hyperreal.org
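
Added example, not part of the original message or of Apache's code: it models the two checks quoted above and finds the string lengths at which they behave differently. Assumptions: x sits in a buffer of exactly strlen(x)+1 bytes, the later write needs 30 bytes including the terminator, and all helper names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NEED ((size_t)30) /* bytes the later write needs (from the snippets) */

/* 1.2.5 form: if (strlen(x)+1 < 30) */
static int realloc_125(const char *x) { return strlen(x) + 1 < NEED; }

/* 1.3 form: if (strlen(x) < 30) */
static int realloc_13(const char *x) { return strlen(x) < NEED; }

/* Constructed input: a string of n 'a' characters; caller frees. */
static char *make_string(size_t n) {
    char *s = malloc(n + 1);
    if (!s) abort();
    memset(s, 'a', n);
    s[n] = '\0';
    return s;
}

/* Count lengths in [0, max] where the checks disagree; last one in *where. */
static int disagreements(size_t max, size_t *where) {
    int count = 0;
    for (size_t n = 0; n <= max; n++) {
        char *s = make_string(n);
        if (realloc_125(s) != realloc_13(s)) { count++; *where = n; }
        free(s);
    }
    return count;
}

/* 1 if the buffer left in place by `check` holds at least NEED bytes.
   Assumption: the original buffer is exactly strlen(x)+1 bytes. */
static int capacity_ok(int (*check)(const char *), size_t n) {
    char *s = make_string(n);
    size_t cap = check(s) ? NEED : strlen(s) + 1;
    free(s);
    return cap >= NEED;
}

int main(void) {
    size_t where = 0;
    int d = disagreements(64, &where);
    printf("checks disagree at %d length(s), strlen = %zu\n", d, where);
    for (size_t n = 28; n <= 30; n++)
        printf("strlen=%zu  1.2.5 ok=%d  1.3 ok=%d\n", n,
               capacity_ok(realloc_125, n), capacity_ok(realloc_13, n));
    return 0;
}
```

Under these assumptions the two forms differ only for a 29-character string, where the 1.2.5 form keeps the existing 30-byte buffer and the 1.3 form allocates a fresh one.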