[patch] Truncated port number in Via:

Mon, 29 Oct 2001 04:52:02 -0800 

Hi,

In the latest CVS snapshot of apache2, proxy_http.c has a bug, in the function
ap_proxy_http_determine_connection(), which, among other things, prepares the
string server_portstr which is used in the Via header. The line which
prepares this string is

 apr_snprintf(server_portstr, sizeof(server_portstr), ":%d", server_port);

This could have been OK, if server_portstr was a character array. However,
server_portstr is a character pointer (it is a formal parameter of this
function), and there for its size is 4 (at least on a 32 bits machine), which
truncates the port number to the first two digits! E.g, if the port number is
8443, the result is ":84" (with a null byte). In the calling function,
ap_proxy_http_handler, server_portstr is really defined as a 32 bytes character
array, but this doesn't help here! It is easy to fix, of-course, e.g, by adding
another formal parameter for the size of the string, and fixing the call.

This is a (tested) patch which does that:


--- proxy_http.c~       Sun Oct 14 23:50:23 2001
+++ proxy_http.c        Mon Oct 29 15:17:12 2001
@@ -194,7 +194,8 @@
                                                 char **url,
                                                 const char *proxyname,
                                                 apr_port_t proxyport,
-                                                char *server_portstr) {
+                                                char *server_portstr,
+                                               int server_portstr_size) {
     int server_port;
     apr_status_t err;
     apr_sockaddr_t *uri_addr;
@@ -253,7 +254,7 @@
         if (ap_is_default_port(server_port, r)) {
             strcpy(server_portstr,"");
         } else {
-            apr_snprintf(server_portstr, sizeof(server_portstr), ":%d",
+            apr_snprintf(server_portstr, server_portstr_size, ":%d",
                          server_port);
         }
     }
@@ -940,7 +941,8 @@
     /* Step One: Determine Who To Connect To */
     status = ap_proxy_http_determine_connection(p, r, p_conn, c, conf, uri,
                                                 &url, proxyname, proxyport,
-                                                server_portstr);
+                                               server_portstr,
+                                               sizeof(server_portstr));
     if ( status != OK ) {
         return status;
     }

Best,

Zvi.


-- 
Dr. Zvi Har'El     mailto:[EMAIL PROTECTED]     Department of Mathematics
tel:+972-54-227607                   Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                             Monday, 12 Heshvan 5762, 29 October 2001,  3:00PM

Reply via email to