[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities
Daniel Morissette
dmorissette at mapgears.com
Wed Oct 6 11:21:49 EDT 2010
Alan Boudreault wrote:
>
> Here's the patches:
>
> http://trac.osgeo.org/mapserver/attachment/ticket/3537/3537-1.patch
>
> http://trac.osgeo.org/mapserver/attachment/ticket/3537/3537-2.patch
>
Alan,

Initializing a variable (and arrays) with a non-static value is not
valid in ANSI C (a.k.a. C89/90) and may not work on all compilers. I
know of at least VC++ on Windows that will fail.

i.e. the following pattern added in mapfile.c (and possibly elsewhere)

    size_t buffer_size = 10 + strlen(value+5) + 1;
    char *init_string = (char*)malloc(buffer_size);

should be replaced with:

    size_t buffer_size;
    char *init_string;

    buffer_size = 10 + strlen(value+5) + 1;
    init_string = (char*)malloc(buffer_size);

I also noticed the following pattern in a few places. I don't know if
that's allowed or not in C89/90. Since bufferSize is a const that may be
okay, but I'm not 100% sure:

    const size_t bufferSize = 1024;
    char szBuffer[bufferSize];

Could someone please apply and test the patches on Windows?

Daniel
--
Daniel Morissette
http://www.mapgears.com/
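
An added example, not part of the original message or of the MapServer patches: both patterns from the message written in declare-then-assign style, with the fixed array sized by a macro and every copy bounded by the computed length. The helper names, the 10-character prefix and the sample input are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed 10-character prefix; assumed to be what the "10" accounts for. */
#define PREFIX "init=epsg:"
#define PREFIX_LEN (sizeof(PREFIX) - 1)
#define SKIP_LEN 5 /* the message's value+5 */

/* In C89 an array bound must be an integer constant expression: a macro
   (or enum constant) qualifies, a const-qualified variable does not. */
#define BUFFER_SIZE 1024

/* Hypothetical helper: returns malloc'd PREFIX + (value+5), or NULL. */
char *build_init_string(const char *value)
{
    size_t tail_len;
    size_t buffer_size;
    char *init_string;

    if (value == NULL || strlen(value) < SKIP_LEN)
        return NULL; /* value+5 would point past the terminator */

    tail_len = strlen(value + SKIP_LEN);
    buffer_size = PREFIX_LEN + tail_len + 1;
    init_string = (char *)malloc(buffer_size);
    if (init_string == NULL)
        return NULL;

    memcpy(init_string, PREFIX, PREFIX_LEN);
    memcpy(init_string + PREFIX_LEN, value + SKIP_LEN, tail_len + 1);
    return init_string;
}

/* Hypothetical helper: bounded copy into a fixed buffer; returns 0 on
   success, -1 if src plus its terminator does not fit. */
int copy_to_fixed(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    len = strlen(src);
    if (len >= dst_size)
        return -1; /* reject instead of truncating or overflowing */
    memcpy(dst, src, len + 1);
    return 0;
}

int fixed_buffer_demo(const char *src)
{
    char szBuffer[BUFFER_SIZE];
    return copy_to_fixed(szBuffer, sizeof(szBuffer), src);
}
```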