Possible bug in isapi_redirector.dll

Mon, 09 Jul 2001 23:57:33 -0700 

Hello there everybody, We think we may have found a bug, possibly in IIS,
which affects isapi_redirect.dll. We were wondering if anyone else has seen
this. Perhaps this is a bug for MS, but it seems to affect tomcat so maybe
someone here can shed some light.

Our software versions are:
IIS 4.0
jk_isapi_plugin.c revision 1.5.2.2
tomcat 3.2.2
Windows NT 4.0 sp6



The relevant code in is the file jk_isapi_plugin.c, line 960 in the
function:

static int get_server_value(LPEXTENSION_CONTROL_BLOCK lpEcb,
                            char *name,
                            char  *buf,
                            DWORD bufsz,
                            char  *def_val)


When the function lpEcb->GetServerVariable(...) on line 965 is called to
retrieve CERT_SERIALNUMBER, the value returned in bufsz is wrong. Our
certificate serial number is 48 chars long, but the value contained in bufsz
is 47, where it should be 49 (the length of the serial number + 1 for string
terminator).
After the call to GetServerVariable() a '\0' is inserted into buf at
bufsz-1. This causes our certificate serial number to be truncated by 2
bytes.

The microsoft doco says that the value returned should be the value length +
1 for the string terminator. This is from:
http://msdn.microsoft.com/library/en-us/iisref/html/psdk/asp/isre8376.asp?fr
ame=true


Here is an example from our isapi.log. We had modified the code to so that
it prints out the full serial number, and added a couple of our own
debugging statements in here too). You can see that the actual
CERT_SERIALNUMBER is 48 chars. A call to strlen(buf) right after the
function call returns 48 but bufsz is 47.

[jk_isapi_plugin.c (967)]: get_server_value():
strlen(buf)=48[jk_isapi_plugin.c (973)]: get_server_value(): bufsz=47
[jk_isapi_plugin.c (974)]: get_server_value():
CERT_SERIALNUMBER=a8-33-ac-b2-ad-c4-34-0e-41-07-01-b1-24-b7-55-05-
[jk_isapi_plugin.c (967)]: get_server_value():
strlen(buf)=67[jk_isapi_plugin.c (973)]: get_server_value(): bufsz=68
[jk_isapi_plugin.c (974)]: get_server_value(): HTTPS_SERVER_ISSUER=C=AU,
S=SA, L=Thebarton, O=StrategicEcommerce, OU=Toytown, CN=Jules
[jk_isapi_plugin.c (967)]: get_server_value():
strlen(buf)=2[jk_isapi_plugin.c (973)]: get_server_value(): bufsz=3
[jk_isapi_plugin.c (974)]: get_server_value(): HTTPS_KEYSIZE=40

This only seems to occur when trying to retrieve values related to
certificates. All the others seem fine. If anyone wants any more details,
please let us know and we will gladly help.

Cheers

Sam + Jules

Reply via email to