Need to look, but at 1st blush it looks like an off-by-1 error there.

On Oct 17, 2013, at 11:33 AM, Yann Ylavic <ylavic....@gmail.com> wrote:
> > Maybe ap_proxy_strncpy() could also have no "slow" path with this change : > > Index: modules/proxy/proxy_util.c > =================================================================== > --- modules/proxy/proxy_util.c (revision 1533118) > +++ modules/proxy/proxy_util.c (working copy) > @@ -90,7 +90,6 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(proxy, PROXY, > PROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char *dst, const char *src, > apr_size_t dlen) > { > - char *thenil; > apr_size_t thelen; > > /* special case: really apr_cpystrn should handle src==NULL*/ > @@ -98,11 +97,8 @@ PROXY_DECLARE(apr_status_t) ap_proxy_strncpy(char > *dst = '\0'; > return APR_SUCCESS; > } > - thenil = apr_cpystrn(dst, src, dlen); > - thelen = thenil - dst; > - /* Assume the typical case is smaller copying into bigger > - so we have a fast return */ > - if ((thelen < dlen-1) || ((strlen(src)) == thelen)) { > + thelen = apr_cpystrn(dst, src, dlen) - dst; > + if (thelen < dlen || !src[dlen]) { > return APR_SUCCESS; > } > /* XXX: APR_ENOSPACE would be better */ > [EOS] > > Regards, > Yann. >
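Review bot: in the second hunk, the new test `thelen < dlen` holds for every non-zero dlen, because apr_cpystrn() copies at most dlen-1 characters before the terminating NUL and returns a pointer to that NUL, so the computed length can never reach dlen. A truncated copy would therefore return APR_SUCCESS and the error path after the `if` becomes unreachable. The `!src[dlen]` fallback also indexes src by the destination size rather than by the number of bytes copied, which would read past the end of any source shorter than dlen if it were ever evaluated. Keeping the removed `dlen-1` bound and testing the byte where the copy stopped, for example `if ((thelen < dlen-1) || !src[thelen])`, still drops the strlen() call without losing truncation detection.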