You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/06/09 19:38:48 UTC
DO NOT REPLY [Bug 20617] New: -
GetServerVariable("ALL_RAW") returns wrong buffer size
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20617>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20617
GetServerVariable("ALL_RAW") returns wrong buffer size
Summary: GetServerVariable("ALL_RAW") returns wrong buffer size
Product: Apache httpd-2.0
Version: 2.0.46
Platform: PC
OS/Version: Windows NT/2K
Status: NEW
Severity: Normal
Priority: Other
Component: mod_isapi
AssignedTo: bugs@httpd.apache.org
ReportedBy: jsp@pkc.com
Line 586 adds two bytes to the length of each header string to allow for
characters that will be added when the string is formatted:
len += strlen(elts[i].key) + strlen(elts[i].val) + 2;
This is consistent with the commentary that precedes it, however, line 598- 602
actually add three bytes to the header string:
*(((char*)buf_data)++) = ':';
*(((char*)buf_data)++) = ' ';
strcpy(buf_data, elts[i].val);
((char*)buf_data) += strlen(elts[i].val);
*(((char*)buf_data)++) = '\n';
Net result: buf_size is one byte per row too small. GetServerVariable() is
typically called once with a NULL buffer to establish the required buffer size,
then called again with a newly allocated buffer of the appropriate size. This
isn't possible if the first call returns too small a size.
The fix is simple: change '2' to '3' in line 586.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org