[
https://issues.apache.org/jira/browse/AXIS2C-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Damitha Kumarage updated AXIS2C-1415:
-------------------------------------
Fix Version/s: Next Version
> Buffer overrun in axis2_http_client_recieve_header when receiving a HTTP
> header field larger than 512 bytes in length.
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2C-1415
> URL: https://issues.apache.org/jira/browse/AXIS2C-1415
> Project: Axis2-C
> Issue Type: Bug
> Components: transport/http
> Affects Versions: 1.6.0
> Environment: Windows XP SP2, Axis2/C compiled with Visual Studio 2008
> SP1
> Reporter: Nigel Meachen
> Assignee: nadir amra
> Fix For: Next Version
>
>
> A buffer overrun occurs in axis2_http_client_recieve_header when a HTTP
> header field larger than 512 bytes is received resulting in stack corruption
> and in my case causes the client to loop forever.
> In my scenario I was using the Axis2/C 1.6 client to invoke a RESTful service
> using Basic Authentication running on a Websphere 7 environment. Upon
> successful authentication the response HTTP header contains a Set-Cookie
> field totaling 760 bytes.
> I was able to work around this issue by doubling the size of the str_header
> field and modifying the memset reference to use sizeof avoiding the need to
> modify thm in the future if the size changes again. The module at the least
> should keep track of the accumulated header field size to avoid overruns in
> the future but ideally should dynamically allocate memory to cope with any
> size header field.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
