On 31.05.2014 19:37, Christopher Schultz wrote:
> Rainer,
> 
> On 5/31/14, 8:12 AM, rj...@apache.org wrote:
>> Author: rjung
>> Date: Sat May 31 12:12:36 2014
>> New Revision: 1598864
>>
>> URL: http://svn.apache.org/r1598864
>> Log:
>> Reduce log level for "OPTIONS *" requests
>> from warning to debug.
>>
>> Modified:
>>     tomcat/jk/trunk/native/common/jk_uri_worker_map.c
>>     tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
>>
>> Modified: tomcat/jk/trunk/native/common/jk_uri_worker_map.c
>> URL: 
>> http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_uri_worker_map.c?rev=1598864&r1=1598863&r2=1598864&view=diff
>> ==============================================================================
>> --- tomcat/jk/trunk/native/common/jk_uri_worker_map.c (original)
>> +++ tomcat/jk/trunk/native/common/jk_uri_worker_map.c Sat May 31 12:12:36 
>> 2014
>> @@ -1093,8 +1093,14 @@ const char *map_uri_to_worker_ext(jk_uri
>>      if (index)
>>          *index = -1;
>>      if (*uri != '/') {
>> -        jk_log(l, JK_LOG_WARNING,
>> -                "Uri %s is invalid. Uri must start with /", uri);
>> +        if (*uri == '*' && *(uri+1) == '\0' && JK_IS_DEBUG_LEVEL(l)) {
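Review bot: JK_IS_DEBUG_LEVEL(l) is ANDed into the same condition as the '*' test on the added line, so for a uri of exactly "*" with debug logging off the whole condition is false. If the branch that follows (cut off in this quote) is an else that keeps the JK_LOG_WARNING call, an "OPTIONS *" request would still be logged as a warning at every non-debug level, which is not what the log message describes. Suggest testing *uri == '*' && *(uri+1) == '\0' on its own and moving the JK_IS_DEBUG_LEVEL(l) check inside that branch.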
> 
> Potential buffer-read overflow? I'm not sure how else we'd check for
> string-length, since 'uri' is char* and does not come with an
> accompanying length parameter, so the only way to check for length would
> be to explicitly search for \0, which is what you are doing, here.
> 
> Any reason not to use strcmp instead of manually dereferencing?
> Performance is a bit of a factor, but manual dereferencing is more error
> prone.

Calling strcmp() because of a two byte check didn't seem worth it. I
don't see the buffer-read overflow here. Uri is a null-terminated string
and if *uri is '*' then it is valid to check *(uri+1).

IMHO whether to check the individual bytes or to use strcmp() is a
matter of style.

Regards,

Rainer
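
The two forms discussed in this thread, side by side, as an added example (not mod_jk code and not written by either poster). The function names, the sample strings and the length-carrying variant are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Byte-wise form, as in the quoted condition. Precondition: uri points to a
 * NUL-terminated string. && short-circuits, so uri[1] is read only after
 * uri[0] was found to be '*', i.e. uri[0] is not the terminator. */
int is_star_bytes(const char *uri)
{
    return uri[0] == '*' && uri[1] == '\0';
}

/* strcmp() form: same precondition (NUL-terminated input), same result. */
int is_star_strcmp(const char *uri)
{
    return strcmp(uri, "*") == 0;
}

/* Hypothetical variant for a buffer that carries an explicit length and no
 * terminator: the length test has to come before any byte is read. */
int is_star_bounded(const char *buf, size_t len)
{
    return len == 1 && buf[0] == '*';
}

/* Runs both NUL-terminated forms over constructed inputs, including the
 * empty string and strings that merely start with '*'.
 * Returns 1 if they agree on every sample, 0 otherwise. */
int forms_agree(void)
{
    static const char *samples[] = { "", "*", "**", "*/", "/", "/app", "x" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (is_star_bytes(samples[i]) != is_star_strcmp(samples[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    return forms_agree() ? 0 : 1;
}
```

Neither NUL-terminated form is safe on a buffer without a terminator; only the bounded variant is.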

