You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Marc Slemko <ma...@worldgate.com> on 1998/06/20 21:35:48 UTC

Re: cvs commit: apache-1.3/src/support Makefile.tmpl suexec.c

On 20 Jun 1998 coar@hyperreal.org wrote:

>   -	log_err("too few arguments\n");
>   +        char msgbuf[2048];
>   +	int i;
>   +
>   +	ap_snprintf(msgbuf, sizeof(msgbuf), "too few (%d) arguments:", argc);
>   +	for (i = 0; i < argc; i++) {
>   +	    ap_snprintf(msgbuf, sizeof(msgbuf), "%s [%s]", msgbuf, argv[i]);
>   +	}
>   +	log_err("%s\n", msgbuf);

Erm... I don't think this does what you want it to do.

Re: cvs commit: apache-1.3/src/support Makefile.tmpl suexec.c

Posted by Marc Slemko <ma...@worldgate.com>.
This still needs fixing.

On Sat, 20 Jun 1998, Rodent of Unusual Size wrote:

> Marc Slemko wrote:
> > 
> > Erm... I don't think this does what you want it to do.
> 
> It did in my testing.  What in particular do you see it doing
> wrong?  Is ap_snprintf() not safe for using the output buffer
> as an input parameter?
> 
> #ken	P-)}
> 
> Ken Coar                    <http://Web.Golux.Com/coar/>
> Apache Group member         <http://www.apache.org/>
> "Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>
>

Re: cvs commit: apache-1.3/src/support Makefile.tmpl suexec.c

Posted by Marc Slemko <ma...@worldgate.com>.
On Sat, 20 Jun 1998, Rodent of Unusual Size wrote:

> Marc Slemko wrote:
> > 
> > Erm... I don't think this does what you want it to do.
> 
> It did in my testing.  What in particular do you see it doing
> wrong?  Is ap_snprintf() not safe for using the output buffer
> as an input parameter?

In general, most functions dealing with strings in this way aren't safe
using overlapping input and output.  Unless a function (eg. bcopy)
explicitly says it can do overlapping copies, you need to assume (eg.
memcpy) that it doesn't.

For example, try running:

int main () {
    char buf[4096];
    strcpy(buf, "this is a test");
    ap_snprintf(buf, sizeof(buf), "xxxx yyyyy %s", buf);
    printf("%s\n", buf);

}

It gives:

	xxxx yyyyy xxxx yyyyy xxx

The only reason the particular code you use works is because the first
thing copied happens to be the data that will be overwritten.  However,
changes to either to ap_snprintf code (say for some resaon it decided to
copy certain things in reverse order) or a tiny change to the format can
break it in non-obvious ways.

It is also horribly inefficient, repeatedly copying the same data over and
over in a loop, but that isn't an overly huge issue for this particular
error message.

Re: cvs commit: apache-1.3/src/support Makefile.tmpl suexec.c

Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Marc Slemko wrote:
> 
> Erm... I don't think this does what you want it to do.

It did in my testing.  What in particular do you see it doing
wrong?  Is ap_snprintf() not safe for using the output buffer
as an input parameter?

#ken	P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>