[mapguide-commits] r9107 - trunk/MgDev/Web/src/IsapiAgent
svn_mapguide at osgeo.org
svn_mapguide at osgeo.org
Mon Dec 26 18:12:12 PST 2016
Author: christinebao
Date: 2016-12-26 18:12:12 -0800 (Mon, 26 Dec 2016)
New Revision: 9107
Modified:
trunk/MgDev/Web/src/IsapiAgent/IsapiResponseHandler.cpp
Log:
Merge fix for #2750 to main branch.
#2750: Isapi mapagent crashes when server error message is too long
If there is an exception when MapGuide server processes a request, the exception will be sent back to web extension. Isapi response handler will convert this exception to html format.
The crash happens when the error message is too long. We will get a 'security check fail or buffer overflow' error. We think it is related to the unsafe API vsprintf(). It doesn't crash after changing the API to vsprintf_s().
Modified: trunk/MgDev/Web/src/IsapiAgent/IsapiResponseHandler.cpp
===================================================================
--- trunk/MgDev/Web/src/IsapiAgent/IsapiResponseHandler.cpp 2016-12-27 02:06:50 UTC (rev 9106)
+++ trunk/MgDev/Web/src/IsapiAgent/IsapiResponseHandler.cpp 2016-12-27 02:12:12 UTC (rev 9107)
@@ -249,12 +249,15 @@
void IsapiResponseHandler::WriteContext(const char *pszFormat, ...)
{
- char szBuffer[4096];
+ char* szBuffer;
+ int len;
va_list arg_ptr;
va_start(arg_ptr, pszFormat);
- vsprintf(szBuffer, pszFormat, arg_ptr);
+ len = _vscprintf(pszFormat, arg_ptr) + 1;
+ szBuffer = (char*)malloc(len * sizeof(char));
+ vsprintf_s(szBuffer, len, pszFormat, arg_ptr);
va_end(arg_ptr);
-
DWORD dwSize = (DWORD)strlen(szBuffer);
m_pECB->WriteClient(m_pECB->ConnID, szBuffer, &dwSize, 0);
+ free(szBuffer);
}
More information about the mapguide-commits
mailing list