[mapserver-dev] Buffer overflow in msOWSParseRequestMetadata
fabian.schindler at eox.at
Tue Jul 17 04:06:02 PDT 2012
> PS: can you open an issue for this ?
>> Augmenting the buffer size isn't an appropriate fix imho. We can have
>> two different fixes:
>> - char requestBuffer = msSmallMalloc(strlen(metadata)+1); instead of
>> char requestBuffer; This has the inconvenience of calling a
The function is actually called quite often, and using dynamic memory
allocation may result in a worse performance.
>> - The code there seems quite complicated, and if I understand
>> correctly what it's trying to do can be replaced with some calls to
>> strcasestr. As Alan is absent this week, I'd be willing to implement
>> and apply a patch provided you can help validate it doesn't have
>> side-effects I did not foresee?
That would be great! I'm willing to help on the validation and testing.
>> As for 6.0.4 there are no immediate plans I think. Can you package
>> 6.0.3 + a patch for the liveDVD?
Actually we use the pre-installed version of MapServer on the liveDVD,
I'm not yet sure how we can solve the issue for us. Perfect would be a
6.0.4 release on UbuntuGIS, but I'm afraid that won't happen in time :)
Thanks a lot,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the mapserver-dev