[mapserver-dev] Buffer overflow in msOWSParseRequestMetadata

Fabian Schindler fabian.schindler at eox.at
Tue Jul 17 04:06:02 PDT 2012

> PS: can you open an issue for this ?
Done: https://github.com/mapserver/mapserver/issues/4393
>> Augmenting the buffer size isn't an appropriate fix imho. We can have
>> two different fixes:
>> - char requestBuffer = msSmallMalloc(strlen(metadata)+1); instead of
>> char requestBuffer[32]; This has the inconvenience of calling a
>> malloc.
The function is actually called quite often, and using dynamic memory 
allocation may result in a worse performance.
>> - The code there seems quite complicated, and if I understand
>> correctly what it's trying to do can be replaced with some calls to
>> strcasestr. As Alan is absent this week, I'd be willing to implement
>> and apply a patch provided you can help validate it doesn't have
>> side-effects I did not foresee?
That would be great! I'm willing to help on the validation and testing.
>> As for 6.0.4 there are no immediate plans I think. Can you package
>> 6.0.3 + a patch for the liveDVD?
Actually we use the pre-installed version of MapServer on the liveDVD, 
I'm not yet sure how we can solve the issue for us. Perfect would be a 
6.0.4 release on UbuntuGIS, but I'm afraid that won't happen in time :)

Thanks a lot,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20120717/d621d3fb/attachment.html>

More information about the mapserver-dev mailing list