You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Patrick Bihan-Faou <pb...@gandalf.com> on 1998/03/30 23:26:34 UTC
general/2019: Stop condition on URL parsing is incorrect
>Number: 2019
>Category: general
>Synopsis: Stop condition on URL parsing is incorrect
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Mar 30 13:30:01 PST 1998
>Last-Modified:
>Originator: pbf@gandalf.com
>Organization:
apache
>Release: 1.2.6
>Environment:
Any (found while reading the code).
>Description:
in the file http_protocol.c (both for versions 1.2.5 and 1.2.6),
in the function "parse_uri()", the stop condition of a loop parsing
a URI is incorrect.
This may not cause a problem in actual use sinc the loop while "break"
upon easily met conditions.
What would actually happen is the loop break at an incorrect point.
>How-To-Repeat:
By submitting a very weird URL that would fail the checks inside the loop.
>Fix:
at line 515 (in version 1.2.6) replace
for (s=uri; s != '\0'; s++)
with
for (s=uri; *s != '\0'; s++)
which should be more reliable since uri is a null terminated string.
%0
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]