httpd: memory hole in function addEnv() and more
Dirk Clemens
develop at cle-mens.de
Sun Sep 4 11:51:37 UTC 2005
Rob Landley wrote:
>>
>>We know the maximum needed size of the temp buffer within one
>>call of sendCgi():
>
>
> Considering that the URL is of arbitrar arbitrary length...
>
I have done that.
>
>> needed_size = max_env_var_name + maximum( stdlen(uri), MAX_PATH) + 2;
I mean strlen(uri) and not stdlen(uri), sorry.
The problem is, that the space for a possible large URI should not
be reserved by alloca(). See the other posting a few minutes
before this.
>> snprintf(envbuf,envbuf_size,"NAME=%s",value);
>> putenv(envbuf);
>
>
> It's still possible that numerous calls to one wrapper with two
arguments is
> going to be smaller than numerous calls to two functions with a total
of four
> arguments. The wrapper isn't all that big, and a simplification that
makes
> the binary bigger is a hard sell here...
It is only an idea to replace then current addEnv()
(perhaps again as wrapper) without many alloc+free cycles.
Dirk
More information about the busybox
mailing list