On Mon, Aug 5, 2013 at 4:10 PM, Jeff Trawick <traw...@gmail.com> wrote:
> On Mon, Aug 5, 2013 at 2:11 PM, Mike Rumph <mike.ru...@oracle.com> wrote:
>
>> Hello all,
>>
>> A comment section in support/ab.c lists the following known problems:
>>
>> /*
>>  * BUGS:
>>  *
>>  * - uses strcpy/etc.
>>  * - has various other poor buffer attacks related to the lazy parsing of
>>  *   response headers from the server
>>  * - doesn't implement much of HTTP/1.x, only accepts certain forms of
>>  *   responses
>>  * - (performance problem) heavy use of strstr shows up top in profile
>>  *   only an issue for loopback usage
>>  */
>>
>> I was able to duplicate segmentation faults through the T and X command
>> line options.
>>
>> I submitted a patch to fix potential buffer overflows through these
>> options.
>> - https://issues.apache.org/bugzilla/show_bug.cgi?id=55360
>>
>> The patch also removes 2 unreferenced fixed length buffers.
>>
>> support/ab.c also contains 3 additional fixed length buffers that could
>> potentially overflow:
>> - servername, buffer and _request
>>
>> Fixing these problems will require a deeper understanding of the code.
>>
>> Please, consider the submitted patch for adoption.
>>
>
> The patch looks fine in an initial glance. I anticipate committing it
> today after eyeballing it a bit more. (Or else I'll speak up.)
>

This is now in trunk as r1510707; I'll nominate for inclusion in 2.4.next shortly.

> Thanks,
>
> Jeff
>
>> Thanks,
>>
>> Mike Rumph
>>

--
Born in Roswell... married an alien...
http://emptyhammock.com/
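The class of defect the thread discusses is a command-line option value copied with strcpy into a fixed-length buffer. The following is an added illustration written for this page; it is not code from ab.c or from the submitted patch. The buffer size OPT_BUF_LEN, the function names and the static g_option buffer are all constructed for the example. It places the unchecked strcpy pattern next to a bounded copy that rejects values which would not fit together with their terminating NUL, and leaves the destination untouched on rejection.

```c
#include <stdio.h>
#include <string.h>

/* Constructed buffer size for illustration; not the size of any buffer in ab.c. */
#define OPT_BUF_LEN 64

/* The pattern the BUGS comment refers to: strcpy into a fixed-length buffer
 * with no length check. Any value of OPT_BUF_LEN or more characters writes
 * past the end of dst. Kept here only for contrast; the demonstration below
 * never calls it. */
void copy_option_unchecked(char *dst, const char *value)
{
    strcpy(dst, value);
}

/* Bounded replacement: refuses values that would not fit along with their
 * terminating NUL and leaves dst untouched in that case.
 * Returns 0 on success, -1 when the value is too long. */
int copy_option_bounded(char *dst, size_t dst_len, const char *value)
{
    size_t n = strlen(value);
    if (dst_len == 0 || n >= dst_len) {
        return -1;              /* would truncate or overflow */
    }
    memcpy(dst, value, n + 1);  /* n bytes plus the NUL */
    return 0;
}

/* Hypothetical option storage, standing in for a fixed-length buffer that a
 * command-line option value is copied into. */
static char g_option[OPT_BUF_LEN];

/* Store an option value; 0 on success, -1 if rejected as too long. */
int set_option(const char *value)
{
    return copy_option_bounded(g_option, sizeof g_option, value);
}

const char *get_option(void)
{
    return g_option;
}

int main(void)
{
    char too_long[OPT_BUF_LEN + 8];

    /* Constructed oversized value: OPT_BUF_LEN + 7 'A' characters and a NUL. */
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    printf("short value: %s\n",
           set_option("text/plain") == 0 ? "accepted" : "rejected");
    printf("stored: %s\n", get_option());
    printf("%zu-byte value: %s\n", strlen(too_long),
           set_option(too_long) == 0 ? "accepted" : "rejected");
    /* The previously stored value is intact after the rejected copy. */
    printf("stored after rejection: %s\n", get_option());
    return 0;
}
```

The check is `n >= dst_len` rather than `n > dst_len` because the NUL terminator needs its own byte; a value of exactly OPT_BUF_LEN characters is rejected, a value of OPT_BUF_LEN - 1 is accepted.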