[mapguide-commits] r9070 - sandbox/adsk/2.5k/Web/src/IsapiAgent
svn_mapguide at osgeo.org
svn_mapguide at osgeo.org
Tue Oct 11 18:00:26 PDT 2016
Author: christinebao
Date: 2016-10-11 18:00:25 -0700 (Tue, 11 Oct 2016)
New Revision: 9070
Modified:
sandbox/adsk/2.5k/Web/src/IsapiAgent/IsapiResponseHandler.cpp
Log:
#2750: Isapi mapagent crashes when server error message is too long
If there is an exception when MapGuide server processes a request, the exception will be sent back to web extension. Isapi response handler will convert this exception to html format.
The crash happens when the error message is too long. We will get a 'security check fail or buffer overflow' error. We think it is related to the unsafe API vsprintf(). It doesn't crash after changing the API to vsprintf_s().
Modified: sandbox/adsk/2.5k/Web/src/IsapiAgent/IsapiResponseHandler.cpp
===================================================================
--- sandbox/adsk/2.5k/Web/src/IsapiAgent/IsapiResponseHandler.cpp 2016-10-11 13:46:56 UTC (rev 9069)
+++ sandbox/adsk/2.5k/Web/src/IsapiAgent/IsapiResponseHandler.cpp 2016-10-12 01:00:25 UTC (rev 9070)
@@ -250,12 +250,15 @@
void IsapiResponseHandler::WriteContext(const char *pszFormat, ...)
{
- char szBuffer[4096];
+ char* szBuffer;
+ int len;
va_list arg_ptr;
va_start(arg_ptr, pszFormat);
- vsprintf(szBuffer, pszFormat, arg_ptr);
+ len = _vscprintf(pszFormat, arg_ptr) + 1;
+ szBuffer = (char*)malloc(len * sizeof(char));
+ vsprintf_s(szBuffer, len, pszFormat, arg_ptr);
va_end(arg_ptr);
-
DWORD dwSize = (DWORD)strlen(szBuffer);
m_pECB->WriteClient(m_pECB->ConnID, szBuffer, &dwSize, 0);
+ free(szBuffer);
}
More information about the mapguide-commits
mailing list