You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by "Henrik Nordberg (JIRA)" <ax...@ws.apache.org> on 2005/09/13 04:23:30 UTC
[jira] Created: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation
Apache2Transport::getBytes() may lead to access violation
---------------------------------------------------------
Key: AXISCPP-826
URL: http://issues.apache.org/jira/browse/AXISCPP-826
Project: Axis-C++
Type: Bug
Components: Transport (Server), Transport (axis2), Server - Apache module
Versions: unspecified
Reporter: Henrik Nordberg
You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
if (strstr(pBuffer, "Content-Id")) {
pAttachmentHelper = new AttachmentHelper();
...
pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Commented: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation
Posted by "Henrik Nordberg (JIRA)" <ax...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/AXISCPP-826?page=comments#action_12360621 ]
Henrik Nordberg commented on AXISCPP-826:
-----------------------------------------
I have tested this on Fedora Core 3, and it works fine. Please commit, and close bug. Thanks.
> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
> Key: AXISCPP-826
> URL: http://issues.apache.org/jira/browse/AXISCPP-826
> Project: Axis-C++
> Type: Bug
> Components: Transport (Server), Transport (axis2), Server - Apache module
> Versions: unspecified
> Reporter: Henrik Nordberg
> Assignee: Chinthana Danapala
> Attachments: Apache2Transport.cpp
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
> len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>
> if (strstr(pBuffer, "Content-Id")) {
> pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation
Posted by "Chinthana Danapala (JIRA)" <ax...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/AXISCPP-826?page=all ]
Chinthana Danapala updated AXISCPP-826:
---------------------------------------
Attachment: Apache2Transport.cpp
I have modify the file and tested in windows. Its working fine and I have attached the file. Could anyone test with other platform? Then I'll be able to commit the changes.
> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
> Key: AXISCPP-826
> URL: http://issues.apache.org/jira/browse/AXISCPP-826
> Project: Axis-C++
> Type: Bug
> Components: Transport (Server), Transport (axis2), Server - Apache module
> Versions: unspecified
> Reporter: Henrik Nordberg
> Assignee: Chinthana Danapala
> Attachments: Apache2Transport.cpp
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
> len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>
> if (strstr(pBuffer, "Content-Id")) {
> pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Assigned: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation
Posted by "Chinthana Danapala (JIRA)" <ax...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/AXISCPP-826?page=all ]
Chinthana Danapala reassigned AXISCPP-826:
------------------------------------------
Assign To: Chinthana Danapala
> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
> Key: AXISCPP-826
> URL: http://issues.apache.org/jira/browse/AXISCPP-826
> Project: Axis-C++
> Type: Bug
> Components: Transport (Server), Transport (axis2), Server - Apache module
> Versions: unspecified
> Reporter: Henrik Nordberg
> Assignee: Chinthana Danapala
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
> len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>
> if (strstr(pBuffer, "Content-Id")) {
> pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Closed: (AXISCPP-826) Apache2Transport::getBytes() may lead to access violation
Posted by "John Hawkins (JIRA)" <ax...@ws.apache.org>.
[ http://issues.apache.org/jira/browse/AXISCPP-826?page=all ]
John Hawkins closed AXISCPP-826:
--------------------------------
Fix Version: 1.6 Alpha
Resolution: Fixed
> Apache2Transport::getBytes() may lead to access violation
> ---------------------------------------------------------
>
> Key: AXISCPP-826
> URL: http://issues.apache.org/jira/browse/AXISCPP-826
> Project: Axis-C++
> Type: Bug
> Components: Server - Apache module, Transport (axis2), Transport (Server)
> Versions: unspecified
> Reporter: Henrik Nordberg
> Assignee: Chinthana Danapala
> Fix For: 1.6 Alpha
> Attachments: Apache2Transport.cpp
>
> You can't use a function like strstr() on a non-null terminated string, such as the buffer filled by ap_get_client_block(). This is done in Apache2Transport::getBytes() in Apache2Transport.cpp, where the following code is copied from:
> len_read = ap_get_client_block((request_rec*) m_pContext, pBuffer, *piSize);
>
> if (strstr(pBuffer, "Content-Id")) {
> pAttachmentHelper = new AttachmentHelper();
> ...
> pBuffer must be terminated with a '\0' before you can use it in a call to strstr(). So maybe that if(strstr... block should be moved down to just before return TRANSPORT_FINISHED; ? I am not sure of the intention of the code, so the author should make the decision.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira