[132] in 6.033-lab
string initialization bug
daemon@ATHENA.MIT.EDU (Kevin Fu)
Wed Mar 3 10:07:07 1999
To: 6.033-lab@MIT.EDU
Date: Wed, 03 Mar 1999 10:06:55 EST
From: Kevin Fu <fubob@MIT.EDU>
Email says it all. We neglected to initialize a string.
--------
Kevin E. Fu (fubob@mit.edu)
PGP key: finger fubob@monk.mit.edu
------- Forwarded Message
Date: Wed, 03 Mar 1999 02:13:54 -0500
To: 6.033-lab-tas@MIT.EDU
From: Stanley Hu <stanhu@MIT.EDU>
Subject: bug in http.c
Here's an annoying bug in http.c that crashes the entire Web proxy:
On line 260:
m->other = (char *) xmalloc((reqLen + 1) * sizeof(char));
..
..
..
value = strtok(NULL, CRLF);
if (str != NULL) strcat(m->other, str);
Since the pointer returned by malloc could contain garbage, the strcat()
call could cause a seg fault due to a buffer overflow.
To fix this problem, simply add the following line after the malloc call:
m->other[0] = '\0';
-Stanley
------- End of Forwarded Message
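
Added example, not part of the original message and not the lab's http.c: a self-contained C sketch of the failure mode and the one-line fix described above. The names is_terminated and collect_lines and the sample request are assumptions made for illustration. A buffer filled with non-zero bytes stands in for stale heap memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CRLF "\r\n"

/* Returns 1 if buf[0..cap) contains a NUL, i.e. strcat() can find the end
   of the destination string without scanning past the allocation. */
static int is_terminated(const char *buf, size_t cap) {
    return memchr(buf, '\0', cap) != NULL;
}

/* Hypothetical stand-in for the proxy's header collection: joins the
   CRLF-separated lines of req into one freshly allocated string. */
static char *collect_lines(const char *req) {
    size_t reqLen = strlen(req);
    char *copy = malloc(reqLen + 1);
    char *other = malloc(reqLen + 1);
    if (copy == NULL || other == NULL) { free(copy); free(other); return NULL; }
    memcpy(copy, req, reqLen + 1);   /* strtok modifies its input */
    other[0] = '\0';                 /* the fix: start from an empty string */
    for (char *line = strtok(copy, CRLF); line != NULL;
         line = strtok(NULL, CRLF)) {
        /* Tokens are disjoint pieces of req, so their total length is at
           most reqLen and the appended result fits in reqLen + 1 bytes. */
        strcat(other, line);
    }
    free(copy);
    return other;
}

int main(void) {
    /* Constructed sample: a buffer that looks like uninitialized memory. */
    char dirty[16];
    memset(dirty, 'A', sizeof dirty);
    printf("terminated before fix: %d\n", is_terminated(dirty, sizeof dirty));
    dirty[0] = '\0';
    printf("terminated after fix:  %d\n", is_terminated(dirty, sizeof dirty));

    /* Constructed sample request headers. */
    char *joined = collect_lines("Accept: text/html\r\nPragma: no-cache\r\n");
    if (joined == NULL) return 1;
    printf("%s\n", joined);
    free(joined);
    return 0;
}
```

Allocating with calloc() instead of malloc() gives the same empty-string starting state, at the cost of zeroing the whole buffer.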