Hello all,
A comment section in support/ab.c lists the following known problems:
/*
 * BUGS:
 *
 * - uses strcpy/etc.
 * - has various other poor buffer attacks related to the lazy parsing of
 *   response headers from the server
 * - doesn't implement much of HTTP/1.x, only accepts certain forms of
 *   responses
 * - (performance problem) heavy use of strstr shows up top in profile
 *   only an issue for loopback usage
 */
I was able to duplicate segmentation faults through the T and X command
line options.
I submitted a patch to fix potential buffer overflows through these options.
- https://issues.apache.org/bugzilla/show_bug.cgi?id=55360
The patch also removes 2 unreferenced fixed length buffers.
support/ab.c also contains 3 additional fixed length buffers that could
potentially overflow:
- servername, buffer and _request
Fixing these problems will require a deeper understanding of the code.
Please, consider the submitted patch for adoption.
Thanks,
Mike Rumph
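As an added illustration of the bug class this message reports (not code from ab.c, from the linked patch, or from the author), the following C shows an unbounded strcpy of a command-line option value into a fixed-length buffer next to a bounded replacement that rejects values that do not fit. The buffer names, the OPT_MAX size and the tiny "-T"/"-X" parser are assumptions made for the example; they are not ab.c's real buffers or option handling.

```c
#include <stdio.h>
#include <string.h>

/* Constructed size for illustration only; not a size taken from ab.c. */
#define OPT_MAX 40

/* Hypothetical fixed-length storage for two option values. */
static char content_type[OPT_MAX];
static char proxy_host[OPT_MAX];

/* Vulnerable pattern: unbounded strcpy from argv into a fixed buffer.
 * Any argument of OPT_MAX bytes or more writes past the end of dst. */
static void set_option_unsafe(char *dst, const char *arg)
{
    strcpy(dst, arg);
}

/* Hardened replacement: refuse values that do not fit (dst is left
 * untouched) and copy the terminating NUL when they do.
 * Returns 0 on success, -1 when strlen(arg) + 1 exceeds dstsz. */
static int set_option_bounded(char *dst, size_t dstsz, const char *arg)
{
    size_t n = strlen(arg);
    if (n >= dstsz) {
        return -1;
    }
    memcpy(dst, arg, n + 1);
    return 0;
}

/* Minimal parser for "-T value" and "-X value" showing where the bound is
 * enforced. Returns 0 on success, the argv index of a value that is too
 * long, or -1 when an option is missing its value. Other arguments are
 * ignored. */
static int parse_args(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        char *dst;
        if (strcmp(argv[i], "-T") == 0) {
            dst = content_type;
        } else if (strcmp(argv[i], "-X") == 0) {
            dst = proxy_host;
        } else {
            continue;
        }
        if (i + 1 >= argc) {
            return -1;
        }
        if (set_option_bounded(dst, OPT_MAX, argv[i + 1]) != 0) {
            return i + 1;
        }
        i++;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: one set that fits, one value that is too long. */
    char *ok[] = {"ab", "-T", "text/plain", "-X", "proxy.example:8080", NULL};
    char over[OPT_MAX + 8];
    memset(over, 'A', sizeof over - 1);
    over[sizeof over - 1] = '\0';
    char *bad[] = {"ab", "-X", over, NULL};

    /* Only safe here because the literal is shorter than OPT_MAX. */
    set_option_unsafe(content_type, "text/plain");

    printf("ok:  rc=%d content_type=%s proxy=%s\n",
           parse_args(5, ok), content_type, proxy_host);
    printf("bad: rc=%d (argv index of the oversized value)\n",
           parse_args(3, bad));
    return 0;
}
```

The bounded version deliberately fails closed instead of truncating: a silently shortened Content-Type or proxy host would change what the tool sends, so an error pointing at the offending argument is the more useful behaviour for a benchmarking client.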