Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.6.0
-
None
-
Windows XP SP2, Axis2/C compiled with Visual Studio 2008 SP1
Description
A buffer overrun occurs in axis2_http_client_recieve_header when a HTTP header field larger than 512 bytes is received resulting in stack corruption and in my case causes the client to loop forever.
In my scenario I was using the Axis2/C 1.6 client to invoke a RESTful service using Basic Authentication running on a Websphere 7 environment. Upon successful authentication the response HTTP header contains a Set-Cookie field totaling 760 bytes.
I was able to work around this issue by doubling the size of the str_header field and modifying the memset reference to use sizeof avoiding the need to modify thm in the future if the size changes again. The module at the least should keep track of the accumulated header field size to avoid overruns in the future but ideally should dynamically allocate memory to cope with any size header field.
Attachments
Issue Links
- blocks
-
AXIS2C-1681 Apache Axis2C Roadmap 1.7 Planning
- Open
- is duplicated by
-
AXIS2C-1511 infinite loop when consuming a .NET ws with long header string (more than 512 chars in a row).
- Closed
- relates to
-
AXIS2C-1661 vulnerability : buffer overflow in axis2/c http client
- Closed