axis-c-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Blough (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (AXIS2C-1415) Buffer overrun in axis2_http_client_recieve_header when receiving a HTTP header field larger than 512 bytes in length.
Date Tue, 04 Dec 2018 02:57:00 GMT

     [ https://issues.apache.org/jira/browse/AXIS2C-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Bill Blough resolved AXIS2C-1415.
---------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: Next Version)
                   1.7.0

Fixed in r1848118

> Buffer overrun in axis2_http_client_recieve_header when receiving a HTTP header field
larger than 512 bytes in length.
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: AXIS2C-1415
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1415
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: transport/http
>    Affects Versions: 1.6.0
>         Environment: Windows XP SP2, Axis2/C compiled with Visual Studio 2008 SP1
>            Reporter: Nigel Meachen
>            Assignee: nadir amra
>            Priority: Major
>             Fix For: 1.7.0
>
>
> A buffer overrun occurs in axis2_http_client_recieve_header when a HTTP header field
larger than 512 bytes is received resulting in stack corruption and in my case causes the
client to loop forever.
> In my scenario I was using the Axis2/C 1.6 client to invoke a RESTful service using Basic
Authentication running on a Websphere 7 environment. Upon successful authentication the response
HTTP header contains a Set-Cookie field totaling 760 bytes.
> I was able to work around this issue by doubling the size of the str_header field and
modifying the memset reference to use sizeof avoiding the need to modify thm in the future
if the size changes again. The module at the least should keep track of the accumulated header
field size to avoid overruns in the future but ideally should dynamically allocate memory
to cope with any size header field.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org


Mime
View raw message