Uploaded image for project: 'Axis2-C'
  1. Axis2-C
  2. AXIS2C-1415

Buffer overrun in axis2_http_client_recieve_header when receiving a HTTP header field larger than 512 bytes in length.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.6.0
    • 1.7.0
    • transport/http
    • None
    • Windows XP SP2, Axis2/C compiled with Visual Studio 2008 SP1

    Description

      A buffer overrun occurs in axis2_http_client_recieve_header when a HTTP header field larger than 512 bytes is received resulting in stack corruption and in my case causes the client to loop forever.

      In my scenario I was using the Axis2/C 1.6 client to invoke a RESTful service using Basic Authentication running on a Websphere 7 environment. Upon successful authentication the response HTTP header contains a Set-Cookie field totaling 760 bytes.

      I was able to work around this issue by doubling the size of the str_header field and modifying the memset reference to use sizeof avoiding the need to modify thm in the future if the size changes again. The module at the least should keep track of the accumulated header field size to avoid overruns in the future but ideally should dynamically allocate memory to cope with any size header field.

      Attachments

        Issue Links

          Activity

            People

              nadiramra Nadir K. Amra
              nmeachen Nigel Meachen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: