List: rampart-c-dev
Subject: [jira] [Created] (AXIS2C-1600) buffer overrun by patching NUL behind stream buffer
From: "Heiner Marxen (JIRA)" <jira () apache ! org>
Date: 2012-06-21 15:48:43
Message-ID: 2031197075.39287.1340293723064.JavaMail.jiratomcat () issues-vm
Heiner Marxen created AXIS2C-1600:
-------------------------------------
Summary: buffer overrun by patching NUL behind stream buffer
Key: AXIS2C-1600
URL: https://issues.apache.org/jira/browse/AXIS2C-1600
Project: Axis2-C
Issue Type: Bug
Components: core/transport, util, xml/om
Affects Versions: 1.6.0
Reporter: Heiner Marxen
In functions axiom_data_source_serialize() and
axis2_simple_http_svr_conn_write_respond() the buffer obtained via
axutil_stream_get_buffer() and axutil_stream_get_len() is terminated with a NUL byte
by patching behind the filled data. If the buffer is exactly full at that time, that
NUL is patched into unallocated memory, which may corrupt the malloc memory arena
(corrupt the heap).

We have patched "stream.c" to always allocate one more byte than is necessary or
used, so that always at least one more byte of memory is allocated. That made our
crashes go away.

A cleaner solution would be to have stream.c offer a function that guarantees that
additional byte (eventually reallocating), which would be called prior to
axutil_stream_get_buffer(), whenever such a NUL byte patching is required.
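The exactly-full case and the "guarantee one spare byte" fix described in the report, as an added C example that is not part of the original message and is not Axis2/C code. `toy_stream` and its functions are hypothetical stand-ins for the stream in stream.c, the input is constructed, and the example flags the unsafe case instead of performing the out-of-bounds write.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a growable stream buffer, not Axis2/C's own struct. */
typedef struct { char *buf; size_t len, cap; } toy_stream;

/* Append n bytes, growing to exactly the size needed, so the buffer
 * can end up exactly full (the case described in the report). */
static int toy_stream_write(toy_stream *s, const void *data, size_t n) {
    if (n == 0) return 0;
    if (n > s->cap - s->len) {
        if (n > SIZE_MAX - s->len) return -1;      /* size overflow */
        char *p = realloc(s->buf, s->len + n);
        if (!p) return -1;
        s->buf = p;
        s->cap = s->len + n;
    }
    memcpy(s->buf + s->len, data, n);
    s->len += n;
    return 0;
}

/* Nonzero when buf[len] = '\0' would land outside the allocation. */
static int toy_nul_patch_overflows(const toy_stream *s) { return s->len >= s->cap; }

/* Guarantee one spare byte (reallocating if needed), then terminate.
 * len is unchanged; returns NULL if the byte cannot be reserved. */
static char *toy_stream_terminate(toy_stream *s) {
    if (s->len >= s->cap) {
        if (s->len == SIZE_MAX) return NULL;
        char *p = realloc(s->buf, s->len + 1);
        if (!p) return NULL;
        s->buf = p;
        s->cap = s->len + 1;
    }
    s->buf[s->len] = '\0';
    return s->buf;
}

int main(void) {
    toy_stream s = {0};                            /* constructed sample input below */
    if (toy_stream_write(&s, "abcd", 4) != 0) return 1;
    int risky = toy_nul_patch_overflows(&s);       /* exactly full: len == cap == 4 */
    char *z = toy_stream_terminate(&s);
    int ok = risky && z && strcmp(z, "abcd") == 0 && s.cap == 5;
    free(s.buf);
    return ok ? 0 : 1;
}
```

Callers that need a C string would call the terminating function before reading the buffer, rather than writing the NUL themselves at `buf[len]`.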