[EMAIL PROTECTED] wrote:
Author: mturk
Date: Thu Jun 28 23:32:27 2007
New Revision: 551809

URL: http://svn.apache.org/viewvc?view=rev&rev=551809
Log:
Fix potential overflow. The actual encoded string length is strlen + 3 (Two 
bytes for len and one '\0')

Modified:
    tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c

Modified: tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c
URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c?view=diff&rev=551809&r1=551808&r2=551809
==============================================================================
--- tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_msg_buff.c Thu Jun 28 23:32:27 
2007
@@ -173,7 +173,7 @@
     }
len = (unsigned short)strlen(param);
-    if (msg->len + len + 2 > msg->maxlen) {
+    if (msg->len + len + 3 > msg->maxlen) {
         return -1;
     }
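
Review bot: `len` is narrowed with `(unsigned short)strlen(param)` before the bounds check in this hunk, so a `param` of 65536 bytes or more wraps to a small value and still passes `msg->len + len + 3 > msg->maxlen`. The copy of `len + 1` bytes in the next hunk would then take a truncated prefix whose last byte is not the terminator. Consider holding the `strlen` result in a `size_t`, returning -1 when it exceeds 0xFFFF, and only then narrowing it. A short comment on the `+ 3` (two length bytes plus the trailing '\0', as the log message says) would also keep the constant from being "corrected" back later.
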
@@ -181,7 +181,7 @@
     jk_b_append_int(msg, len);
/* We checked for space !! */
-    strncpy((char *)msg->buf + msg->len, param, len + 1);       /* including 
\0 */
+    memcpy(msg->buf + msg->len, param, len + 1); /* including \0 */

Why do you remove the (char *)?

Cheers

Jean-Frederic

 #if (defined(AS400) && !defined(AS400_UTF8)) || defined(_OSD_POSIX)
     /* convert from EBCDIC if needed */
     jk_xlate_to_ascii((char *)msg->buf + msg->len, len + 1);
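
Review bot: the switch from `strncpy` to `memcpy` on the copy line is not mentioned in the log message, which only describes the length check; please add it there. With `len` equal to the string length both calls write the same `len + 1` bytes, so the safety of this line rests entirely on the `len + 3` check in the previous hunk, and the "We checked for space !!" comment could say which bytes that check accounts for. The cast is dropped on the `memcpy` destination while the `jk_xlate_to_ascii((char *)msg->buf + msg->len, len + 1)` context line keeps it, so the two pointer expressions no longer read alike; a one-line remark on why they differ would help.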



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



