Bug 20619

Summary: send_response_header() fails to copy status string's last character
Product: Apache httpd-2 Reporter: Jesse Pelton <jsp>
Component: mod_isapiAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: CLOSED FIXED    
Severity: normal CC: LReinstein
Priority: P3 Keywords: PatchAvailable
Version: 2.0.46   
Target Milestone: ---   
Hardware: PC   
OS: All   
Attachments: Trivial patch

Description Jesse Pelton 2003-06-09 17:44:39 UTC
Lines 726-730 of mod_isapi.c read:

        newstat = apr_palloc(cid->r->pool, statlen + 9);
        strcpy(newstat, "Status: ");
        apr_cpystrn(newstat + 8, stat, statlen);
        stat = newstat;
        statlen += 8;

Because apr_cpystrn() reserves a byte for a terminal null and statlen is the
length of the status string to be copied, the final character of the status
string is replaced with a null when it is copied to newstat.  The apr_palloc()
call allocates sufficient space for the entire status string plus a terminal
null, so I think the only change required is in line 728:

        apr_cpystrn(newstat + 8, stat, statlen + 1);
Comment 1 Jesse Pelton 2003-06-10 19:28:30 UTC
Created attachment 6741 [details]
Trivial patch
Comment 2 Ludek Reinstein 2003-07-04 07:45:05 UTC
*** Bug 21302 has been marked as a duplicate of this bug. ***
Comment 3 Jeff Trawick 2003-11-21 22:20:40 UTC
enabling the PatchAvailable keyword
updated doc on submitting patches is at http://httpd.apache.org/dev/patches.html
Comment 4 Jeff Trawick 2004-02-16 17:51:38 UTC
thanks for the patch!

committed to 2.1-dev, will suggest shortly that it be merged into the stable branch
Comment 5 William A. Rowe Jr. 2004-02-17 20:08:37 UTC
  +1 on purusing the patch.  I believe(d) that we handled this header using
  the statlen bytecount, so as a counted string the trailing null was not
  important.  But trusting your patch :)  Thank you.