Bug 20619 - send_response_header() fails to copy status string's last character
Summary: send_response_header() fails to copy status string's last character
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_isapi (show other bugs)
Version: 2.0.46
Hardware: PC All
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
: 21302 (view as bug list)
Depends on:
Reported: 2003-06-09 17:44 UTC by Jesse Pelton
Modified: 2005-03-20 17:06 UTC (History)
1 user (show)

Trivial patch (383 bytes, patch)
2003-06-10 19:28 UTC, Jesse Pelton
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Pelton 2003-06-09 17:44:39 UTC
Lines 726-730 of mod_isapi.c read:

        newstat = apr_palloc(cid->r->pool, statlen + 9);
        strcpy(newstat, "Status: ");
        apr_cpystrn(newstat + 8, stat, statlen);
        stat = newstat;
        statlen += 8;

Because apr_cpystrn() reserves a byte for a terminal null and statlen is the
length of the status string to be copied, the final character of the status
string is replaced with a null when it is copied to newstat.  The apr_palloc()
call allocates sufficient space for the entire status string plus a terminal
null, so I think the only change required is in line 728:

        apr_cpystrn(newstat + 8, stat, statlen + 1);
Comment 1 Jesse Pelton 2003-06-10 19:28:30 UTC
Created attachment 6741 [details]
Trivial patch
Comment 2 Ludek Reinstein 2003-07-04 07:45:05 UTC
*** Bug 21302 has been marked as a duplicate of this bug. ***
Comment 3 Jeff Trawick 2003-11-21 22:20:40 UTC
enabling the PatchAvailable keyword
updated doc on submitting patches is at http://httpd.apache.org/dev/patches.html
Comment 4 Jeff Trawick 2004-02-16 17:51:38 UTC
thanks for the patch!

committed to 2.1-dev, will suggest shortly that it be merged into the stable branch
Comment 5 William A. Rowe Jr. 2004-02-17 20:08:37 UTC
  +1 on purusing the patch.  I believe(d) that we handled this header using
  the statlen bytecount, so as a counted string the trailing null was not
  important.  But trusting your patch :)  Thank you.