Ticket #836 (closed Bug report: fixed)

Opened 11 months ago

Last modified 10 months ago

[PATCH] buffer overflow on too long url

Reported by: etienne.champetier@… Owned by: JV
Priority: blocker Milestone:
Component: Gateway Version: Gateway SVN
Keywords: Cc:

Description

Hi

The first patch prevent buffer overflow on "r->response.headers".

The second patch put the url at the end and not the mac, as urlfragment may end up mangled (i think it's best to have half the url than half the mac)

In every case, i'm not sure of the "safe_asprintf(&urlFragment, "%s&mac=%s", urlFragment, mac)" because urlFragment is in and out (see notes in  http://manpages.ubuntu.com/manpages/precise/man3/printf.3.html), we should at least use a tempUrlFragment.

Attachments

patchoverflow.patch Download (0.7 KB) - added by etienne.champetier@… 11 months ago.
patchoverflow2.patch Download (1.4 KB) - added by etienne.champetier@… 11 months ago.

Change History

Changed 11 months ago by etienne.champetier@…

Changed 11 months ago by etienne.champetier@…

Changed 10 months ago by benoitg

  • status changed from new to closed
  • resolution set to fixed

Commited in r1464

Add/Change #836 ([PATCH] buffer overflow on too long url)

Author


E-mail address and user name can be saved in the Preferences.


Action
as closed
The resolution will be deleted. Next status will be 'reopened'
 
Note: See TracTickets for help on using tickets.