There is several places in the code using MemBuf as a string blindly
assuming there is a \0 terminator after the data, but MemBufAppend()
apparently do not guarantee this...
Identified so far:
debugObj()
log_mime_hdrs
but there probably is more..
Now to the question: Should we audit the code to make sure it properly
deals with this by appending the \0 where required before using it as a
string with the slight risk of accidently introducing a \0 in output
data, or modify MemBuf to always \0 terminate the data outside of the
accounted data size?
I am a bit surprised we haven't seen this before.. I detected it by
noticing there was HTML error content in cache.log on some "Forwarding
loop detected" error messages (debugObj).
Regards
Henrik
Received on Mon Apr 15 2002 - 17:57:19 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:10 MST