On Tue, 2007-06-05 at 17:15 -0500, Webster, Chris wrote:
> The code change was brought to my attention by sans.org (for
> vulnerability CVE 2007-0774). No offense intended but the fix seems a
> little inefficient.

Your fix is bad.... Because we only need the url: part of the uri before the ';' so you will prevent valid urls from working with this correction.

Cheers

Jean-Frederic

>
> It shows the fix coded as:
>
>     for (i = 0; i < strlen(uri); i++) {
>         if (i == JK_MAX_URI_LEN) {
>             jk_log(l, JK_LOG_WARNING,
>                    "Uri %s is invalid. Uri must be smaller then %d chars",
>                    uri, JK_MAX_URI_LEN);
>             JK_TRACE_EXIT(l);
>             return NULL;
>         }
>         if (uri[i] == ';')
>             break;
>         else
>             url[i] = uri[i];
>     }
>
> Wouldn't it be better to be coded as something like this?
>
>     int uriLen = strlen( uri );
>     if ( uriLen >= JK_MAX_URI_LEN) {
>         jk_log(l, JK_LOG_WARNING,
>                "Uri %s is invalid. Uri must be smaller then %d chars",
>                uri, JK_MAX_URI_LEN);
>         JK_TRACE_EXIT(l);
>         return NULL;
>     }
>
>     for (i = 0; i < uriLen; i++) {
>         if (uri[i] == ';')
>             break;
>         else
>             url[i] = uri[i];
>     }
>
> The check would then only be done once instead of for each character.
> Not sure about logging the whole thing either but I'm just an observer.
>
> Sorry but I'm not ready to dive in and make the change myself at this
> time.
>
> ...chris.
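The difference between the two bound checks discussed in this thread, as an added example that is not part of the original messages or of the mod_jk source: both quoted loops are wrapped in functions and run on a URI whose part before ';' is short but whose total length exceeds the limit. The function names, the return convention (copied length or -1 instead of logging and returning NULL), the NUL termination, the `JK_MAX_URI_LEN + 1` buffer size, the small limit of 32 and the sample URIs are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define JK_MAX_URI_LEN 32   /* constructed small limit for the demo, not mod_jk's value */

/* Loop from the fix as quoted: the bound is checked per copied byte, so only
 * the part before ';' has to fit. Returns the copied length, or -1 on reject. */
static int copy_per_char(const char *uri, char url[JK_MAX_URI_LEN + 1])
{
    size_t i;
    for (i = 0; i < strlen(uri); i++) {
        if (i == JK_MAX_URI_LEN)
            return -1;
        if (uri[i] == ';')
            break;
        url[i] = uri[i];
    }
    url[i] = '\0';          /* assumed termination; not shown in the thread */
    return (int)i;
}

/* Proposed rewrite as quoted: the bound is checked once, on the whole URI. */
static int copy_length_first(const char *uri, char url[JK_MAX_URI_LEN + 1])
{
    size_t i, uri_len = strlen(uri);
    if (uri_len >= JK_MAX_URI_LEN)
        return -1;
    for (i = 0; i < uri_len; i++) {
        if (uri[i] == ';')
            break;
        url[i] = uri[i];
    }
    url[i] = '\0';
    return (int)i;
}

/* Constructed inputs: short path with a long ';' parameter, and an over-long path. */
static const char LONG_PARAM[] = "/app/cart;jsessionid=0123456789ABCDEF0123456789ABCDEF";
static const char LONG_PATH[]  = "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

int main(void)
{
    char url[JK_MAX_URI_LEN + 1];
    printf("long param: per-char=%d length-first=%d\n",
           copy_per_char(LONG_PARAM, url), copy_length_first(LONG_PARAM, url));
    printf("long path:  per-char=%d length-first=%d\n",
           copy_per_char(LONG_PATH, url), copy_length_first(LONG_PATH, url));
    return 0;
}
```

Both variants keep the copy inside the buffer and reject the over-long path; they differ only on the first input, where the length-first check refuses a URI whose copied part is nine bytes long.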