ap_pstrcat misused could crash Apache

Theoderich / mod-auth-token

Automatically exported from code.google.com/p/mod-auth-token

Apache License 2.0

1 stars 0 forks source link

ap_pstrcat misused could crash Apache #23

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Standing to Apache's APR documentation at

https://apr.apache.org/docs/apr/0.9/group__apr__strings.html#g7bd80c95ffb7b3f96b
c78e7b5b5b0045

the apr_pstrcat() function takes a list of strings. The code in 1.0.6_beta 
instead passes a character ('/'), beside missing a sentinel at the end of 
parameters.

I'm attaching a patch to fix the issue.

Original issue reported on code.google.com by flameeyes on 31 Aug 2011 at 3:46

Attachments:

mod_auth_token-1.0.6_beta-ap_pstrcat.patch

GoogleCodeExporter commented 8 years ago

Thanks for pointing this.
Corrected and pushed.

Original comment by teixeira...@gmail.com on 24 May 2012 at 7:39

Changed state: Fixed