github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 13:56:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix buffer overflow on empty strings in key.

Browse Source 
Sometimes apache segfalult on memory copying when key.dptr is some
kind of empty string and key.dsize seems to be 0.
This commit is contained in:
Eugene Alekseev 2015-09-14 16:47:19 +03:00 committed by Felipe Zimmerle
parent fdcab3a60d
commit 7ba07bd547
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apache2/persist_dbm.c
View File

@ -626,7 +626,7 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
*/
rc = apr_sdbm_firstkey(dbm, &key);
while(rc == APR_SUCCESS) {
char *s = apr_pstrmemdup(msr->mp, key.dptr, key.dsize - 1);
char *s = apr_pstrmemdup(msr->mp, key.dptr, strlen(key.dptr));
*(char **)apr_array_push(keys_arr) = s;
rc = apr_sdbm_nextkey(dbm, &key);
}