Posted to c-dev@axis.apache.org by "Henrik Nordberg (JIRA)" <ax...@ws.apache.org> on 2005/09/13 04:23:30 UTC

[jira] Created: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation

Apache2Transport::getBytes() may lead to access violation
---------------------------------------------------------

         Key: AXISCPP-826
         URL: http://issues.apache.org/jira/browse/AXISCPP-826
     Project: Axis-C++
        Type: Bug
  Components: Transport (Server), Transport (axis2), Server - Apache module  
    Versions: unspecified    
    Reporter: Henrik Nordberg


You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:

    len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);

    if (strstr(pBuffer, "Content-Id")) {
        pAttachmentHelper = new AttachmentHelper();
    ...

pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
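
The two ways of fixing the pattern reported above, as an added example (not code from Axis-C++ or from the attached Apache2Transport.cpp): a search bounded by the byte count the read returned, and terminate-then-strstr(). The helper names, `fake_read` and the sample bodies are hypothetical and constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>

// Hypothetical helper, not part of Axis-C++: look for `needle` in exactly
// the `len_read` bytes a block read returned, never touching bytes past them.
bool contains_bounded(const char* buf, long len_read, const char* needle) {
    if (buf == nullptr || len_read <= 0) return false;   // EOF or read error
    const std::size_t n = std::strlen(needle);
    if (n == 0 || static_cast<std::size_t>(len_read) < n) return false;
    const char* end = buf + len_read;
    return std::search(buf, end, needle, needle + n) != end;
}

// Alternative: terminate first, then strstr(). Needs one spare byte in the
// buffer, and the search stops at the first '\0' inside the data.
bool contains_after_terminating(char* buf, std::size_t cap, long len_read,
                                const char* needle) {
    if (buf == nullptr || len_read < 0 ||
        static_cast<std::size_t>(len_read) >= cap) return false;
    buf[len_read] = '\0';
    return std::strstr(buf, needle) != nullptr;
}

// Constructed stand-in for a read that fills `dst` without appending '\0'.
long fake_read(const char* src, std::size_t src_len, char* dst, std::size_t cap) {
    const std::size_t n = std::min(src_len, cap);
    std::memcpy(dst, src, n);
    return static_cast<long>(n);
}

// Constructed scenario: a reused buffer still holds an older body after the
// bytes of the current read. The zero-filled tail keeps strstr() defined here.
struct Result { bool naive, bounded, terminated; };

Result stale_buffer_demo() {
    char buf[64] = "0123456789 Content-Id: <stale>";
    const char body[] = "<soap/>";
    long len_read = fake_read(body, sizeof body - 1, buf, sizeof buf);
    Result r;
    r.naive = std::strstr(buf, "Content-Id") != nullptr;   // matches stale bytes
    r.bounded = contains_bounded(buf, len_read, "Content-Id");
    r.terminated = contains_after_terminating(buf, sizeof buf, len_read, "Content-Id");
    return r;
}
```

When the read fills the whole buffer there is no room for the terminator, so the terminating variant needs the read size reduced by one byte; the bounded search has no such requirement and also finds a match that follows an embedded '\0'.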


[jira] Commented: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation

Posted by "Henrik Nordberg (JIRA)" <ax...@ws.apache.org>.
    [ http://issues.apache.org/jira/browse/AXISCPP-826?page=comments#action_12360621 ] 

Henrik Nordberg commented on AXISCPP-826:
-----------------------------------------

I have tested this on Fedora Core 3, and it works fine. Please commit, and close bug. Thanks.

> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
>          Key: AXISCPP-826
>          URL: http://issues.apache.org/jira/browse/AXISCPP-826
>      Project: Axis-C++
>         Type: Bug
>   Components: Transport (Server), Transport (axis2), Server - Apache module
>     Versions: unspecified
>     Reporter: Henrik Nordberg
>     Assignee: Chinthana Danapala
>  Attachments: Apache2Transport.cpp
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
>     len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>  
>   if (strstr(pBuffer, "Content-Id")) {
>   pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.



[jira] Updated: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation

Posted by "Chinthana Danapala (JIRA)" <ax...@ws.apache.org>.
     [ http://issues.apache.org/jira/browse/AXISCPP-826?page=all ]

Chinthana Danapala updated AXISCPP-826:
---------------------------------------

    Attachment: Apache2Transport.cpp

I have modified the file and tested it on Windows. It's working fine and I have attached the file. Could anyone test on another platform? Then I'll be able to commit the changes.

> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
>          Key: AXISCPP-826
>          URL: http://issues.apache.org/jira/browse/AXISCPP-826
>      Project: Axis-C++
>         Type: Bug
>   Components: Transport (Server), Transport (axis2), Server - Apache module
>     Versions: unspecified
>     Reporter: Henrik Nordberg
>     Assignee: Chinthana Danapala
>  Attachments: Apache2Transport.cpp
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
>     len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>  
>   if (strstr(pBuffer, "Content-Id")) {
>   pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.



[jira] Assigned: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation

Posted by "Chinthana Danapala (JIRA)" <ax...@ws.apache.org>.
     [ http://issues.apache.org/jira/browse/AXISCPP-826?page=all ]

Chinthana Danapala reassigned AXISCPP-826:
------------------------------------------

    Assign To: Chinthana Danapala

> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
>          Key: AXISCPP-826
>          URL: http://issues.apache.org/jira/browse/AXISCPP-826
>      Project: Axis-C++
>         Type: Bug
>   Components: Transport (Server), Transport (axis2), Server - Apache module
>     Versions: unspecified
>     Reporter: Henrik Nordberg
>     Assignee: Chinthana Danapala
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
>     len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>  
>   if (strstr(pBuffer, "Content-Id")) {
>   pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.



[jira] Closed: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation

Posted by "John Hawkins (JIRA)" <ax...@ws.apache.org>.
     [ http://issues.apache.org/jira/browse/AXISCPP-826?page=all ]
     
John Hawkins closed AXISCPP-826:
--------------------------------

    Fix Version: 1.6 Alpha
     Resolution: Fixed

> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
>          Key: AXISCPP-826
>          URL: http://issues.apache.org/jira/browse/AXISCPP-826
>      Project: Axis-C++
>         Type: Bug
>   Components: Server - Apache module, Transport (axis2), Transport (Server)
>     Versions: unspecified
>     Reporter: Henrik Nordberg
>     Assignee: Chinthana Danapala
>      Fix For: 1.6 Alpha
>  Attachments: Apache2Transport.cpp
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
>     len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>  
>   if (strstr(pBuffer, "Content-Id")) {
>   pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.
