Ticket #836 (closed Bug report: fixed)

Opened 9 years ago

Last modified 9 years ago

[PATCH] buffer overflow on too long url

Reported by: etienne.champetier@… Owned by: JV
Priority: blocker Milestone:
Component: Gateway Version: Gateway SVN
Keywords: Cc:

Description

Hi

The first patch prevent buffer overflow on "r->response.headers".

The second patch put the url at the end and not the mac, as urlfragment may end up mangled (i think it's best to have half the url than half the mac)

In every case, i'm not sure of the "safe_asprintf(&urlFragment, "%s&mac=%s", urlFragment, mac)" because urlFragment is in and out (see notes in  http://manpages.ubuntu.com/manpages/precise/man3/printf.3.html), we should at least use a tempUrlFragment.

Attachments

patchoverflow.patch Download (0.7 KB) - added by etienne.champetier@… 9 years ago.
patchoverflow2.patch Download (1.4 KB) - added by etienne.champetier@… 9 years ago.

Change History

Changed 9 years ago by etienne.champetier@…

Changed 9 years ago by etienne.champetier@…

Changed 9 years ago by benoitg

  • status changed from new to closed
  • resolution set to fixed

Commited in r1464

Note: See TracTickets for help on using tickets.