[ https://issues.apache.org/jira/browse/AXIS2C-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
S.Uthaiyashankar updated AXIS2C-1387: ------------------------------------- Component/s: (was: build system (Unix/Linux)) httpd module > apache2_stream_read function ignores errors from ap_get_client_block is > size_t is unsigned > ------------------------------------------------------------------------------------------ > > Key: AXIS2C-1387 > URL: https://issues.apache.org/jira/browse/AXIS2C-1387 > Project: Axis2-C > Issue Type: Bug > Components: httpd module > Affects Versions: 1.6.0 > Environment: CentOS 5.3 > httpd-2.2.3 > rampartc-1.3.0 > dell precision desktop > Reporter: Murph McCloy > Priority: Minor > Attachments: apache2_stream_read_input_filter.patch > > Original Estimate: 1h > Remaining Estimate: 1h > > This problem has only been noticed when attempting to decompress input > streams via apache. > The problem occurs when a decompression payload fails to decompress properly. > In my test case it was because the payload had some flags set in the gzip > headers and mod_deflate doesn't support flags. mod_deflate then returned an > APR_EGENERAL error message. This message then bubbled up and was returned as > a -1 to apache2_stream_read. > This is a problem because size_t, on my system, is unsigned. The checks in > apache2_stream_read fail to catch a negative value in this scenario and dont > respond appropriately. > while (count - len > 0) > { > read = ap_get_client_block(stream_impl->request, (char *)buffer + len, > count - len); > if (read > 0) > { > len += read; > } > else > { > break; > } > } > The else statement will never get reached while read is unsigned. Also, the > while loop might have troubles as well. I would suggest modifying read and > len to be ssize_t so they match the return value of ap_get_client_block. > If I get this modified and working, I will submit a patch. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.