Adam Sussman wrote: > > Are you 100% sure the buffer is big enough to do this? If the buffer is > > of size "len" the zero will be written past the end of the buffer. > > > > In the current code, "len" is strlen(buffer) so it can be safely assumed > to be one less than the length of the buffer (provided of course that > ap_proxy_string_read can be trusted).
The contents of a buffer can never be trusted though - this could be
exploited as an overflow and potentially an exploit.
Regards,
Graham
--
-----------------------------------------
[EMAIL PROTECTED] "There's a moon
over Bourbon Street
tonight..."
smime.p7s
Description: S/MIME Cryptographic Signature
