Posted to apache-bugdb@apache.org by Henry Pasternack <he...@us.ibm.com> on 1998/10/23 23:10:15 UTC

apache-api/3283: Probable source code error in ap_cfg_getline()

>Number:         3283
>Category:       apache-api
>Synopsis:       Probable source code error in ap_cfg_getline()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Oct 23 14:20:01 PDT 1998
>Last-Modified:
>Originator:     henryp@us.ibm.com
>Organization:
apache
>Release:        1.3.3
>Environment:
apache_1.3.3/src/main/util.c
>Description:
Line 855 of util.c in routine ap_cfg_getline():

   cbuf = cp;
   cbufsize -= (cp-cbuf);

This code occurs in the part of the routine that stitches lines together when
a continuation character is detected.  The intent of the two statements is
to reposition the buffer to the start of the next line and decrement the buffer
size by the number of characters input on the previous line.  But (cp-cbuf)
will always be zero, so cbufsize will remain constant.
>How-To-Repeat:
I haven't observed a problem in real life.  Presumably it would only occur in
the case where a directive and its arguments were thousands of characters long.
Or maybe I'm just reading the code wrong.
>Fix:
Reverse the order of the two statements.
>Audit-Trail:
>Unformatted:
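Added illustration (not code from the report or from Apache): a simplified model of the continuation-stitching loop, with the two statements in the order quoted from util.c and in the reversed order the report proposes, run over a constructed three-line config snippet. The sample text, the function names and the 64-byte buffer are assumptions; the model checks the size bookkeeping before each copy so it reports the overrun instead of performing it.

```c
#include <stddef.h>
#include <string.h>
/* Constructed sample (not from the report): one directive spread over three
 * physical lines joined by trailing-backslash continuations. */
static const char *sample_cfg =
    "Alias /downloads \\\n"
    "      /srv/www/files \\\n"
    "      extra\n";
/* Copy one physical line (minus newline and trailing '\\') from *src into dst,
 * at most max-1 chars plus NUL (max > 0).  Returns 1 if it was continued. */
static int read_physical_line(const char **src, char *dst, size_t max) {
    const char *p = *src;
    size_t n = strcspn(p, "\n");
    const char *end = p + n;                /* '\n' or terminating NUL */
    int cont = 0;
    if (n > 0 && p[n - 1] == '\\') { cont = 1; n--; }
    if (n >= max) n = max - 1;              /* bounded copy, like the real reader */
    memcpy(dst, p, n);
    dst[n] = '\0';
    *src = (*end == '\n') ? end + 1 : end;
    return cont;
}
/* Model of the stitching loop.  fixed=1 uses the reversed order the report
 * proposes, fixed=0 the order quoted from util.c.  Returns the stitched length,
 * or -1 as soon as the bookkeeping would let a copy run past buf + bufsize. */
int stitch_lines(char *buf, size_t bufsize, const char *src, int fixed) {
    char *cbuf = buf, *cp;
    size_t cbufsize = bufsize;
    int cont;
    for (;;) {
        if ((size_t)(cbuf - buf) + cbufsize > bufsize)
            return -1;                      /* window [cbuf, cbuf+cbufsize) escapes buf */
        cont = read_physical_line(&src, cbuf, cbufsize);
        cp = cbuf + strlen(cbuf);           /* the next physical line appends here */
        if (!cont)
            return (int)(cp - buf);
        if (fixed) {
            cbufsize -= (size_t)(cp - cbuf);  /* shrink by what this line used ... */
            cbuf = cp;                        /* ... then advance the window */
        } else {
            cbuf = cp;                        /* as quoted: advance first ... */
            cbufsize -= (size_t)(cp - cbuf);  /* ... so this always subtracts 0 */
        }
    }
}
/* Runs the model over sample_cfg with a 64-byte buffer. */
int run_model(int fixed) {
    char buf[64];
    return stitch_lines(buf, sizeof buf, sample_cfg, fixed);
}
```

With the reversed order the three lines stitch into one 49-character logical line; with the quoted order the window still claims 64 bytes after advancing 17, so the second read would be handed a limit past the end of the buffer.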