[
https://issues.apache.org/jira/browse/AXIS2C-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bill Blough updated AXIS2C-1387:
--------------------------------
Fix Version/s: 1.7.0
> apache2_stream_read function ignores errors from ap_get_client_block is
> size_t is unsigned
> ------------------------------------------------------------------------------------------
>
> Key: AXIS2C-1387
> URL: https://issues.apache.org/jira/browse/AXIS2C-1387
> Project: Axis2-C
> Issue Type: Bug
> Components: httpd module
> Affects Versions: 1.6.0
> Environment: CentOS 5.3
> httpd-2.2.3
> rampartc-1.3.0
> dell precision desktop
> Reporter: Murph McCloy
> Assignee: Korale Gamaralalage Nandika Chandrasiri Jayawardana
> Priority: Minor
> Fix For: 1.7.0
>
> Attachments: apache2_stream_read_input_filter.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> This problem has only been noticed when attempting to decompress input
> streams via apache.
> The problem occurs when a decompression payload fails to decompress properly.
> In my test case it was because the payload had some flags set in the gzip
> headers and mod_deflate doesn't support flags. mod_deflate then returned an
> APR_EGENERAL error message. This message then bubbled up and was returned as
> a -1 to apache2_stream_read.
> This is a problem because size_t, on my system, is unsigned. The checks in
> apache2_stream_read fail to catch a negative value in this scenario and don't
> respond appropriately.
>     while (count - len > 0)
>     {
>         read = ap_get_client_block(stream_impl->request, (char *)buffer + len,
>                                    count - len);
>         if (read > 0)
>         {
>             len += read;
>         }
>         else
>         {
>             break;
>         }
>     }
> The else statement will never get reached while read is unsigned. Also, the
> while loop might have troubles as well. I would suggest modifying read and
> len to be ssize_t so they match the return value of ap_get_client_block.
> If I get this modified and working, I will submit a patch.
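The loop shape from the report next to a variant that keeps the return value signed, as an added example that is not code from Axis2/C or from the reporter. fake_get_client_block, struct fake_req, read_unsigned and read_checked are hypothetical names; the stub is a constructed stand-in for ap_get_client_block that fails on its second call.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for ap_get_client_block(): returns long like the real
 * call, yields 4 bytes, then -1 (filter error), then 0 (end of body). */
struct fake_req { int calls; };

static long fake_get_client_block(struct fake_req *r, char *buf, size_t n)
{
    r->calls++;
    if (r->calls == 1 && n >= 4) { memcpy(buf, "abcd", 4); return 4; }
    return r->calls == 2 ? -1 : 0;
}

/* Loop shape from the report: the result is stored in an unsigned size_t. */
static size_t read_unsigned(struct fake_req *r, void *buffer, size_t count)
{
    size_t len = 0, read;
    while (count - len > 0) {          /* unsigned: same as count != len */
        read = fake_get_client_block(r, (char *)buffer + len, count - len);
        if (read > 0)                  /* -1 became SIZE_MAX, so this is true */
            len += read;               /* wraps: len drops by one byte */
        else
            break;
    }
    return len;
}

/* Signed result: the error is seen and handed to the caller. */
static long read_checked(struct fake_req *r, void *buffer, size_t count)
{
    size_t len = 0;
    while (len < count) {
        long n = fake_get_client_block(r, (char *)buffer + len, count - len);
        if (n < 0)
            return -1;                 /* propagate the read failure */
        if (n == 0)
            break;                     /* end of request body */
        len += (size_t)n;
    }
    return (long)len;
}

int main(void)
{
    struct fake_req a = {0}, b = {0};
    char buf[16];
    printf("unsigned loop: %zu\n", read_unsigned(&a, buf, sizeof buf));
    printf("checked loop:  %ld\n", read_checked(&b, buf, sizeof buf));
}
```

With the stub above, the unsigned loop reports a 3-byte read with no error, while the signed loop stops at the failing call and returns -1.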