From: Jeff Trawick Date: Mon, 19 Aug 2013 11:41:14 +0000 (+0000) Subject: ab: Fix potential buffer overflows when processing the T and X X-Git-Tag: 2.4.7~289 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=27e9aeacb6ae280087b68e9ef22fa45270eedafe;p=apache ab: Fix potential buffer overflows when processing the T and X command-line options. PR: 55360 Submitted by: Mike Rumph Reviewed by: trawick, jim, druggeri git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1515370 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index b02ee0b743..1176e8f782 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.4.7 + *) ab: Fix potential buffer overflows when processing the T and X + command-line options. PR 55360. + [Mike Rumph ] + *) fcgistarter: Specify SO_REUSEADDR to allow starting a server with old connections in TIME_WAIT. [Jeff Trawick] diff --git a/STATUS b/STATUS index 10d893d03a..d300e26f8b 100644 --- a/STATUS +++ b/STATUS @@ -104,12 +104,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: http://svn.apache.org/r1514214 http://svn.apache.org/r1514617 - * ab: Fix potential buffer overflows when processing the T and X - command-line options. PR 55360. - trunk: http://svn.apache.org/r1510707 - 2.4.x patch: trunk patch works (with offset) - +1: trawick, jim, druggeri - * mod_ldap: Fix an unlikely potential memory leak. PR54936 [Zhenbo Xu ] trunk: http://svn.apache.org/r1504276 diff --git a/support/ab.c b/support/ab.c index f20bae32c5..75f35cfb01 100644 --- a/support/ab.c +++ b/support/ab.c 
@@ -281,22 +281,20 @@ char servername[1024]; /* name that server reports */
 char *hostname; /* host name from URL */
 const char *host_field; /* value of "Host:" header field */
 const char *path; /* path name */
-char postfile[1024]; /* name of file containing post data */
 char *postdata; /* *buffer containing data from postfile */
 apr_size_t postlen = 0; /* length of data to be POSTed */
-char content_type[1024];/* content type to put in POST header */
+char *content_type = NULL; /* content type to put in POST header */
 const char *cookie, /* optional cookie line */
 *auth, /* optional (basic/uuencoded) auhentication */
 *hdrs; /* optional arbitrary headers */
 apr_port_t port; /* port number */
-char proxyhost[1024]; /* proxy host name */
+char *proxyhost = NULL; /* proxy host name */
 int proxyport = 0; /* proxy port */
 const char *connecthost;
 const char *myhost;
 apr_port_t connectport;
 const char *gnuplot; /* GNUplot file */
 const char *csvperc; /* CSV Percentile file */
-char url[1024];
 const char *fullurl;
 const char *colonhost;
 int isproxy = 0;
@@ -1666,7 +1664,7 @@ static void test(void)
 keepalive ? "Connection: Keep-Alive\r\n" : "",
 cookie, auth,
 postlen,
- (content_type[0]) ? content_type : "text/plain", hdrs);
+ (content_type != NULL) ? content_type : "text/plain", hdrs);
 }
 if (snprintf_res >= sizeof(_request)) {
 err("Request too long\n");
@@ -2059,7 +2057,7 @@ int main(int argc, const char * const argv[])
 tdstring = "bgcolor=white";
 cookie = "";
 auth = "";
- proxyhost[0] = '\0';
+ proxyhost = "";
 hdrs = "";
 apr_app_initialize(&argc, &argv, NULL);
@@ -2161,7 +2159,7 @@ int main(int argc, const char * const argv[])
 * something */
 break;
 case 'T':
- strcpy(content_type, opt_arg);
+ content_type = apr_pstrdup(cntxt, opt_arg);
 break;
 case 'C':
 cookie = apr_pstrcat(cntxt, "Cookie: ", opt_arg, "\r\n", NULL);
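Review bot: `content_type` and `proxyhost` are declared as plain `char *` in the first hunk, yet the third hunk (in main) assigns the string literal `""` to `proxyhost`, so any later write through that pointer would be undefined behaviour. Declaring them as `const char *content_type = NULL;` and `const char *proxyhost = NULL;` would match the neighbouring `cookie`, `auth` and `hdrs` and let the compiler reject such a write; nothing in the visible hunks writes through either pointer, but the rest of ab.c is not shown here. The two variables also end up with different "unset" sentinels (NULL for `content_type`, `""` for `proxyhost`), which deserves a short comment at the declarations.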
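Review bot: The new condition `(content_type != NULL)` in test() no longer treats an empty value as unset. With the old array, `-T ""` left `content_type[0]` at zero and the request fell back to `text/plain`; now the empty string is presumably sent as the content type. If the earlier behaviour is wanted, the line can read `(content_type != NULL && content_type[0]) ? content_type : "text/plain", hdrs);`. The enclosing call and the format string start outside the hunk, so the header layout is inferred.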
@@ -2232,7 +2230,7 @@ int main(int argc, const char * const argv[])
 p++;
 proxyport = atoi(p);
 }
- strcpy(proxyhost, opt_arg);
+ proxyhost = apr_pstrdup(cntxt, opt_arg);
 isproxy = 1;
 }
 break;
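Review bot: The port half of `-X` is still parsed with `proxyport = atoi(p);` on the context line just above the changed line, so after this length fix a non-numeric or out-of-range port is still accepted silently (atoi reports no error). A range check right after it, for example `if (proxyport <= 0 || proxyport > 65535) err("Invalid proxy port\n");`, would reject bad input; the message text is my wording, and `err()` is the helper visible in the test() hunk. The `case` body begins outside the hunk, so how `p` is derived from `opt_arg` is not visible here.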