https://bz.apache.org/bugzilla/show_bug.cgi?id=69258
Bug ID: 69258
Summary: Silent line truncation inside a macro
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: mod_macro
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
In case a line inside a macro is longer than the (hard-coded) limit
MAX_STRING_LEN, the line is truncated (without notification).
This may give totally unexpected results, including security vulnerabilities.
We should return an error in this case:
/* copy the line and substitute macro parameters */
+ if (strlen(((char**)contents->elts)[i]) >= MAX_STRING_LEN) {
+ return apr_psprintf(pool,
+ "while processing line %d of macro '%s' (%s) %s",
+ i + 1, macro->name, macro->location, "macro too long");
+ }
apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
