Bug 20617 - GetServerVariable("ALL_RAW") returns wrong buffer size
Summary: GetServerVariable("ALL_RAW") returns wrong buffer size
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_isapi (show other bugs)
Version: 2.0.46
Hardware: PC All
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Depends on:
Reported: 2003-06-09 17:38 UTC by Jesse Pelton
Modified: 2005-03-20 17:06 UTC (History)
0 users

Trivial patch (373 bytes, patch)
2003-06-10 19:27 UTC, Jesse Pelton
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Pelton 2003-06-09 17:38:47 UTC
Line 586 adds two bytes to the length of each header string to allow for
characters that will be added when the string is formatted:

            len += strlen(elts[i].key) + strlen(elts[i].val) + 2;

This is consistent with the commentary that precedes it, however, line 598- 602
actually add three bytes to the header string:

            *(((char*)buf_data)++) = ':';
            *(((char*)buf_data)++) = ' ';
            strcpy(buf_data, elts[i].val);
            ((char*)buf_data) += strlen(elts[i].val);
            *(((char*)buf_data)++) = '\n';

Net result: buf_size is one byte per row too small.  GetServerVariable() is
typically called once with a NULL buffer to establish the required buffer size,
then called again with a newly allocated buffer of the appropriate size.  This
isn't possible if the first call returns too small a size.

The fix is simple: change '2' to '3' in line 586.
Comment 1 Jesse Pelton 2003-06-09 17:46:29 UTC
Forgot to mention the file: this is in mod_isapi.c.
Comment 2 Jesse Pelton 2003-06-10 19:27:30 UTC
Created attachment 6740 [details]
Trivial patch
Comment 3 Jesse Pelton 2003-06-10 19:30:58 UTC
Note that the patch is not needed if the patch for bug 20656 is applied.
Comment 4 Jeff Trawick 2003-11-21 22:18:48 UTC
enabling the PatchAvailable keyword
updated doc on submitting patches is at http://httpd.apache.org/dev/patches.html
Comment 5 Jeff Trawick 2004-02-16 17:40:29 UTC
patch committed to Apache 2.1-dev, will propose for backport to stable branch soon

Comment 6 William A. Rowe Jr. 2004-02-17 20:00:05 UTC
  +1 here to backport, thanks Jesse.