
bugzilla at apache
Aug 5, 2013, 10:46 AM
[Bug 55360] New: Potential buffer overflows in support/ab
https://issues.apache.org/bugzilla/show_bug.cgi?id=55360

Bug ID: 55360
Summary: Potential buffer overflows in support/ab
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: support
Assignee: bugs [at] httpd
Reporter: mike.rumph [at] oracle

The X and T command line options for support/ab utility can cause buffer overflow resulting in segmentation faults. Both of these options do strcpy into fixed length buffers of length 1024.

As an example, the following test results in a segmentation fault on my Linux 64 system:

$ ./ab -T text/a123456789...512 times...a123456789 localhost:8080/welcome.html

The total length of the -T value is 5125 bytes. I've also tried up to a length of 3845 bytes without getting a segmentation fault. But even in this case the 1024 byte buffer would still be overridden.

There are also 2 fixed length buffers that are no longer referenced (postfile and url) and 3 other fixed length buffers that could potentially overflow (servername, buffer, _request).

I will submit a patch for the X and T options and remove the unreferenced buffers. A fix for the other potential overflows will require a more careful study of the code.
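Added example, not part of the original report and not ab's own code: a length-checked copy into a 1024-byte option buffer, run against a constructed 5125-byte value of the shape used in the report. The names content_type, set_option and make_type are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OPT_BUF_LEN 1024            /* buffer length given in the report */

/* Hypothetical stand-in for one of the fixed-length option buffers. */
static char content_type[OPT_BUF_LEN];

/* Unsafe pattern from the report: strcpy(content_type, optarg);
 * copies strlen(optarg)+1 bytes regardless of the destination size. */

/* Checked copy: refuse values that do not fit (terminator included)
 * instead of truncating silently. Returns 0 on success, -1 if too long. */
static int set_option(char *dst, size_t dstlen, const char *arg)
{
    size_t n = strlen(arg);
    if (n >= dstlen)
        return -1;
    memcpy(dst, arg, n + 1);
    return 0;
}

/* Constructed input: "text/" followed by "a123456789" repeated reps times,
 * the shape of the -T value in the report (512 repeats = 5125 bytes). */
static char *make_type(size_t reps)
{
    const char *unit = "a123456789";
    size_t ulen = strlen(unit);
    char *s = malloc(5 + reps * ulen + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, "text/", 5);
    for (size_t i = 0; i < reps; i++)
        memcpy(s + 5 + i * ulen, unit, ulen);
    s[5 + reps * ulen] = '\0';
    return s;
}

int main(void)
{
    char *arg = make_type(512);
    if (arg == NULL)
        return 1;
    if (set_option(content_type, sizeof content_type, arg) != 0)
        fprintf(stderr, "-T value too long (%zu bytes, limit %d)\n",
                strlen(arg), OPT_BUF_LEN - 1);
    free(arg);
    return 0;
}
```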