Sorry - false alarm, per the open spec for limits.h the patch -is- correct...
{PATH_MAX}Maximum number of bytes in a pathname, including the terminating null character. Minimum Acceptable Value: {_POSIX_PATH_MAX} [XSI] [image: [Option Start]] Minimum Acceptable Value: {_XOPEN_PATH_MAX} [image: [Option End]] On Thu, Jun 16, 2016 at 11:06 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > ATTN Jim, > > I presume you didn't read the note below? > > > On Thu, Jun 16, 2016 at 6:59 AM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: > >> This looks inverted. The buffer should be MAX+1. >> >> This logic error leads to paths valid in one context, which fail later in >> the next bit of code. >> On Jun 16, 2016 12:17 AM, <jaillet...@apache.org> wrote: >> >>> Author: jailletc36 >>> Date: Thu Jun 16 05:17:35 2016 >>> New Revision: 1748653 >>> >>> URL: http://svn.apache.org/viewvc?rev=1748653&view=rev >>> Log: >>> Fix a potential buffer overflow. >>> >>> Modified: >>> httpd/httpd/trunk/modules/filters/sed0.c >>> >>> Modified: httpd/httpd/trunk/modules/filters/sed0.c >>> URL: >>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/sed0.c?rev=1748653&r1=1748652&r2=1748653&view=diff >>> >>> ============================================================================== >>> --- httpd/httpd/trunk/modules/filters/sed0.c (original) >>> +++ httpd/httpd/trunk/modules/filters/sed0.c Thu Jun 16 05:17:35 2016 >>> @@ -588,7 +588,7 @@ jtcommon: >>> command_errf(commands, SEDERR_SMMES, >>> commands->linebuf); >>> return -1; >>> } >>> - if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX]) >>> == NULL) { >>> + if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX-1]) >>> == NULL) { >>> command_errf(commands, SEDERR_FNTL, >>> commands->linebuf); >>> return -1; >>> } >>> @@ -617,7 +617,7 @@ jtcommon: >>> command_errf(commands, SEDERR_SMMES, commands->linebuf); >>> return -1; >>> } >>> - if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX]) == >>> NULL) { >>> + if (text(commands, fnamebuf, &fnamebuf[APR_PATH_MAX-1]) == >>> NULL) { >>> command_errf(commands, SEDERR_FNTL, commands->linebuf); >>> return -1; >>> } >>> >>> >>> >