axis-c-dev mailing list archives

From "Bill Blough (Jira)" <j...@apache.org>
Subject [jira] [Updated] (AXIS2C-1387) apache2_stream_read function ignores errors from ap_get_client_block is size_t is unsigned
Date Tue, 07 Apr 2020 16:06:00 GMT

     [ https://issues.apache.org/jira/browse/AXIS2C-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bill Blough updated AXIS2C-1387:
--------------------------------
    Fix Version/s: 1.7.0

> apache2_stream_read function ignores errors from ap_get_client_block is size_t is unsigned
> ------------------------------------------------------------------------------------------
>
>                 Key: AXIS2C-1387
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1387
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: httpd module
>    Affects Versions: 1.6.0
>         Environment: CentOS 5.3
> httpd-2.2.3
> rampartc-1.3.0
> dell precision desktop
>            Reporter: Murph McCloy
>            Assignee: Korale Gamaralalage Nandika Chandrasiri Jayawardana
>            Priority: Minor
>             Fix For: 1.7.0
>
>         Attachments: apache2_stream_read_input_filter.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> This problem has only been noticed when attempting to decompress input streams via apache.
> The problem occurs when a decompression payload fails to decompress properly.  In my
> test case it was because the payload had some flags set in the gzip headers and mod_deflate
> doesn't support flags.  mod_deflate then returned an APR_EGENERAL error message.  This message
> then bubbled up and was returned as a -1 to apache2_stream_read.
> This is a problem because size_t, on my system, is unsigned.  The checks in apache2_stream_read
> fail to catch a negative value in this scenario and don't respond appropriately.
> while (count - len > 0)
> {
>     read = ap_get_client_block(stream_impl->request, (char *)buffer + len, count - len);
>     if (read > 0)
>     {
>         len += read;
>     }
>     else
>     {
>         break;
>     }
> }
> The else statement will never get reached while read is unsigned.  Also, the while loop
> might have troubles as well.  I would suggest modifying read and len to be ssize_t so they
> match the return value of ap_get_client_block.
> If I get this modified and working, I will submit a patch.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org
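
Added example (not part of the original message, the attached patch, or the Axis2/C source): a stand-alone C sketch of the loop shape quoted in the report next to a signed variant along the lines the reporter suggests. fake_get_client_block, struct fake_req and the return-value script are hypothetical stand-ins for ap_get_client_block and the request; the script values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for ap_get_client_block(): replays a constructed
 * script of return values (>0 bytes read, 0 end of body, -1 filter error). */
struct fake_req { const long *script; size_t pos, n; };

static long fake_get_client_block(struct fake_req *r, char *buf, size_t bufsiz)
{
    long rv = (r->pos < r->n) ? r->script[r->pos++] : 0;
    if (rv > (long)bufsiz) rv = (long)bufsiz;
    if (rv > 0) memset(buf, 'A', (size_t)rv);   /* only writes on success */
    return rv;
}

/* Loop shape quoted in the report: 'read' and 'len' are unsigned. */
static long read_unsigned(struct fake_req *r, void *buffer, size_t count)
{
    size_t read, len = 0;
    while (count - len > 0) {          /* unsigned: false only when len == count */
        read = (size_t)fake_get_client_block(r, (char *)buffer + len, count - len);
        if (read > 0)                  /* -1 converted to SIZE_MAX passes this test */
            len += read;               /* wraps around: len shrinks by one byte */
        else
            break;
    }
    return (long)len;
}

/* Signed variant: keep the return value signed and test for error first. */
static long read_signed(struct fake_req *r, void *buffer, size_t count)
{
    size_t len = 0;
    while (len < count) {
        long read = fake_get_client_block(r, (char *)buffer + len, count - len);
        if (read < 0) return -1;       /* propagate the error to the caller */
        if (read == 0) break;          /* end of request body */
        len += (size_t)read;
    }
    return (long)len;
}

/* Constructed script: 4 bytes, then an error, then end of body. */
static const long SCRIPT[] = { 4, -1, 0 };
long demo_unsigned(void) { char b[16]; struct fake_req r = { SCRIPT, 0, 3 }; return read_unsigned(&r, b, sizeof b); }
long demo_signed(void)   { char b[16]; struct fake_req r = { SCRIPT, 0, 3 }; return read_signed(&r, b, sizeof b); }

int main(void) { printf("unsigned=%ld signed=%ld\n", demo_unsigned(), demo_signed()); return 0; }
```

With this script the unsigned loop reports a short read and no error, while the signed variant returns -1 to its caller.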

