Buffer overrun in axis2_http_client_recieve_header when receiving a HTTP header 
field larger than 512 bytes in length.
----------------------------------------------------------------------------------------------------------------------

                 Key: AXIS2C-1415
                 URL: https://issues.apache.org/jira/browse/AXIS2C-1415
             Project: Axis2-C
          Issue Type: Bug
          Components: transport/http
    Affects Versions: 1.6.0
         Environment: Windows XP SP2, Axis2/C compiled with Visual Studio 2008 SP1
            Reporter: Nigel Meachen


A buffer overrun occurs in axis2_http_client_recieve_header when an HTTP header 
field larger than 512 bytes is received, resulting in stack corruption, and in my 
case causes the client to loop forever.

In my scenario I was using the Axis2/C 1.6 client to invoke a RESTful service 
using Basic Authentication running on a WebSphere 7 environment. Upon 
successful authentication the response HTTP header contains a Set-Cookie field 
totaling 760 bytes.

I was able to work around this issue by doubling the size of the str_header 
field and modifying the memset reference to use sizeof, avoiding the need to 
modify them in the future if the size changes again. The module at the least 
should keep track of the accumulated header field size to avoid overruns in the 
future but ideally should dynamically allocate memory to cope with any size 
header field.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
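
The two remedies the report suggests (tracking the accumulated size and allocating dynamically), as an added example that is not part of the original message and is not Axis2/C code. The names byte_src, src_read_byte, read_header_line and the 64 KiB HDR_MAX_LEN cap are assumptions made for this sketch.

```c
#include <stdlib.h>
#include <string.h>

#define HDR_INITIAL_CAP 512u          /* starting size, grows on demand */
#define HDR_MAX_LEN     (64u * 1024u) /* assumed policy cap on one header line */
/* Hypothetical in-memory byte source standing in for the HTTP stream. */
typedef struct { const char *data; size_t len, pos; } byte_src;
static int src_read_byte(byte_src *s, char *c) {
    if (s->pos >= s->len) return 0;
    *c = s->data[s->pos++];
    return 1;
}

/* Reads one CRLF-terminated line into a heap buffer; returns it without CRLF
 * (caller frees), or NULL on EOF, allocation failure or an oversized line. */
static char *read_header_line(byte_src *s, size_t *out_len) {
    size_t cap = HDR_INITIAL_CAP, len = 0;
    char *buf = malloc(cap), c;
    if (!buf) return NULL;
    while (src_read_byte(s, &c)) {
        if (len + 1 >= cap) {                  /* accumulated size is tracked */
            if (cap >= HDR_MAX_LEN) break;     /* oversized field: reject */
            size_t ncap = cap * 2 > HDR_MAX_LEN ? HDR_MAX_LEN : cap * 2;
            char *nbuf = realloc(buf, ncap);
            if (!nbuf) break;
            buf = nbuf; cap = ncap;
        }
        buf[len++] = c;
        if (len >= 2 && buf[len - 2] == '\r' && buf[len - 1] == '\n') {
            buf[len -= 2] = '\0';              /* strip CRLF, terminate */
            if (out_len) *out_len = len;
            return buf;
        }
    }
    free(buf);
    return NULL;
}

int main(void) {
    char raw[800] = "Set-Cookie: ";            /* constructed 760-byte field */
    memset(raw + 12, 'A', 748);
    memcpy(raw + 760, "\r\n", 2);
    byte_src s = { raw, 762, 0 };
    size_t n = 0;
    char *line = read_header_line(&s, &n);
    int ok = line != NULL && n == 760;         /* 760 > 512, still handled */
    free(line);
    return !ok;
}
```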
