Posted to mod_tcl-dev@tcl.apache.org by Helmut Hissen <he...@zeebar.com> on 2005/11/29 23:57:06 UTC

set_var bug?

I just figured out why our httpds were dumping core sometimes during 
customer signup ... it appears that set_var() in tcl_core.c expects some 
variable length arg list to do a vasprintf() on, but the rest of the 
code (called when setting up the Tcl env table (incl QUERY_STRING) as 
well as for post variables) only uses it ever with a single argument.

Problem is that if that single argument (the value to be stored) contains 
certain valid %formats (such as %n), the code runs off the stack 
looking for corresponding arguments (which never get passed in).  In our 
case, people were sending in their email address in a QUERY_STRING from 
a web form and anybody unlucky to have an email address on a domain 
starting with a valid printf %format character was crashing out httpd, 
the symptom being that people appeared to get the same form back (which 
they didn't, because httpd just barfed).

eg:   "firstName=helmut&email=helmut%40nowhere.com&email2%40nowhere.com"

I just took out the references to the va/vsprint from set_var() (making 
it a fixed length arg list function) and our servers are much happier now. 

regards

Helmut Hissen
helmut@zeebar.com

ps:  kudos to Leupold-LoewenthalM@spardat.at for his brilliant 
workaround to the encoding problem
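
The failure mode reported above, as an added example that is not part of the original post and not mod_tcl's code: the function names, the `stored` buffer and the scanner are hypothetical, and vsnprintf() stands in for vasprintf() to keep the block portable. It shows that the URL-encoded "%40" followed by "n" reads as the printf conversion "%40n", and contrasts the variadic form with the fixed-argument form the post describes.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Query string quoted in the post above. */
static const char SAMPLE[] =
    "firstName=helmut&email=helmut%40nowhere.com&email2%40nowhere.com";
char stored[256];   /* hypothetical variable store, not mod_tcl's */

/* Pattern from the post: the value doubles as the format string, so "%40n"
 * makes printf use an int* that was never passed. Contrast only; not called. */
void set_var_variadic(const char *name, const char *fmt, ...)
{
    va_list ap;
    (void)name;
    va_start(ap, fmt);
    vsnprintf(stored, sizeof stored, fmt, ap);
    va_end(ap);
}

/* Fixed-argument form: the value is copied as data, never interpreted. */
const char *set_var_fixed(const char *name, const char *value)
{
    (void)name;
    snprintf(stored, sizeof stored, "%s", value);
    return stored;
}

/* Count the conversions printf would act on if s were used as a format. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (*++s == '%') continue;                 /* "%%" is a literal */
        s += strspn(s, "-+ #0");                   /* flags */
        s += strspn(s, "0123456789");              /* field width */
        if (*s == '.') s += 1 + strspn(s + 1, "0123456789");
        s += strspn(s, "hlLjzt");                  /* length modifiers */
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) n++;
        else s--;                                  /* re-scan this char */
    }
    return n;
}

int main(void)
{
    printf("conversions: %d\n", count_conversions(SAMPLE));
    printf("stored: %s\n", set_var_fixed("QUERY_STRING", SAMPLE));
}
```

A scanner like count_conversions() is useful for spotting affected values in logs; the fix itself is the fixed-argument form, not filtering.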
