On Mon, Aug 5, 2013 at 2:11 PM, Mike Rumph <[email protected]> wrote:
> Hello all,
>
> A comment section in support/ab.c lists the following known problems:
>
> /*
>  * BUGS:
>  *
>  * - uses strcpy/etc.
>  * - has various other poor buffer attacks related to the lazy parsing of
>  *   response headers from the server
>  * - doesn't implement much of HTTP/1.x, only accepts certain forms of
>  *   responses
>  * - (performance problem) heavy use of strstr shows up top in profile
>  *   only an issue for loopback usage
>  */
>
> I was able to duplicate segmentation faults through the T and X command
> line options.
>
> I submitted a patch to fix potential buffer overflows through these
> options.
> - https://issues.apache.org/bugzilla/show_bug.cgi?id=55360
>
> The patch also removes 2 unreferenced fixed length buffers.
>
> support/ab.c also contains 3 additional fixed length buffers that could
> potentially overflow:
> - servername, buffer and _request
>
> Fixing these problems will require a deeper understanding of the code.
>
> Please, consider the submitted patch for adoption.
>

The patch looks fine in an initial glance. I anticipate committing it today
after eyeballing it a bit more. (Or else I'll speak up.)

Thanks,

Jeff

> Thanks,
>
> Mike Rumph
>
>

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
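The defect class the report above describes (a command-line value copied with strcpy into a fixed-length array) and the shape of a bounded fix, as an added example. This is constructed illustration code, not ab.c's source or the submitted patch: the buffer size, the function names and the assumption that one option takes a "host[:port]" value are all mine.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not code from ab.c. The buffer size is an
 * assumption chosen small so the bound is easy to reason about. */
#define OPTBUF_LEN 32

/* The pattern the bug report describes: a command-line value copied
 * into a fixed-length array with strcpy. Any value of OPTBUF_LEN or
 * more bytes (NUL included) writes past the end of buf. Kept only to
 * show the defect beside its fix; main() never calls it. */
static void set_option_unsafe(char buf[OPTBUF_LEN], const char *value)
{
    strcpy(buf, value);                 /* no length check at all */
}

/* Hardened form: measure first, refuse what does not fit, then copy
 * with an explicit bound. Returns 0 on success, -1 if value is too
 * long, so the caller can print a usage error instead of crashing. */
static int set_option_safe(char buf[OPTBUF_LEN], const char *value)
{
    size_t n = strlen(value);
    if (n >= OPTBUF_LEN)                /* leave room for the NUL */
        return -1;
    memcpy(buf, value, n + 1);
    return 0;
}

/* Same check against a scratch buffer: 0 if value would fit, else -1. */
static int option_fits(const char *value)
{
    char tmp[OPTBUF_LEN];
    return set_option_safe(tmp, value);
}

/* A "host[:port]" option (assumed shape, modelled on a proxy option)
 * parsed with the same bound on the host part. Returns 0 on success,
 * -1 on bad input; *port is 0 when no port is given. */
static int parse_host_port(const char *arg, char host[OPTBUF_LEN], int *port)
{
    const char *colon = strchr(arg, ':');
    size_t hostlen = colon ? (size_t)(colon - arg) : strlen(arg);
    char *end;
    long p;

    if (hostlen == 0 || hostlen >= OPTBUF_LEN)
        return -1;
    memcpy(host, arg, hostlen);
    host[hostlen] = '\0';
    *port = 0;
    if (colon == NULL)
        return 0;
    p = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || *end != '\0' || p < 1 || p > 65535)
        return -1;
    *port = (int)p;
    return 0;
}

/* Port parsed from a host[:port] argument, or -1 if it is rejected. */
static int proxy_port_of(const char *arg)
{
    char host[OPTBUF_LEN];
    int port;
    return parse_host_port(arg, host, &port) == 0 ? port : -1;
}

int main(int argc, char **argv)
{
    char buf[OPTBUF_LEN], host[OPTBUF_LEN];
    char big[65];                       /* constructed 64-byte value */
    const char *value;
    int port;

    memset(big, 'A', 64);
    big[64] = '\0';
    value = argc > 1 ? argv[1] : big;

    /* set_option_unsafe(buf, big) would smash the stack here. */
    (void)set_option_unsafe;
    if (set_option_safe(buf, value) != 0)
        fprintf(stderr, "value too long (max %d bytes)\n", OPTBUF_LEN - 1);
    else
        printf("accepted: %s\n", buf);

    if (parse_host_port("proxy.example.test:3128", host, &port) == 0)
        printf("proxy %s port %d\n", host, port);
    return 0;
}
```

Run it with no argument to see the 64-byte value rejected, or pass your own value as argv[1]. The other common way to retire a fixed array, and the one the report says the patch takes for two unreferenced buffers, is to remove it altogether; where the value must be kept, allocating exactly strlen(value) + 1 bytes removes the bound rather than checking it.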
