apache2_stream_read function ignores errors from ap_get_client_block is size_t
is unsigned
------------------------------------------------------------------------------------------
Key: AXIS2C-1387
URL: https://issues.apache.org/jira/browse/AXIS2C-1387
Project: Axis2-C
Issue Type: Bug
Components: build system (Unix/Linux)
Affects Versions: 1.6.0
Environment: CentOS 5.3
httpd-2.2.3
rampartc-1.3.0
dell precision desktop
Reporter: Murph McCloy
Priority: Minor
This problem has only been noticed when attempting to decompress input streams
via apache.
The problem occurs when a decompression payload fails to decompress properly.
In my test case it was because the payload had some flags set in the gzip
headers and mod_deflate doesn't support flags. mod_deflate then returned an
APR_EGENERAL error message. This message then bubbled up and was returned as a
-1 to apache2_stream_read.
This is a problem because size_t, on my system, is unsigned. The checks in
apache2_stream_read fail to catch a negative value in this scenario and dont
respond appropriately.
while (count - len > 0)
{
read = ap_get_client_block(stream_impl->request, (char *)buffer + len,
count - len);
if (read > 0)
{
len += read;
}
else
{
break;
}
}
The else statement will never get reached while read is unsigned. Also, the
while loop might have troubles as well. I would suggest modifying read and len
to be ssize_t so they match the return value of ap_get_client_block.
If I get this modified and working, I will submit a patch.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
