  1. Axis2-C
  2. AXIS2C-1415

Buffer overrun in axis2_http_client_recieve_header when receiving an HTTP header field larger than 512 bytes in length.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.7.0
    • Component/s: transport/http
    • Labels:
      None
    • Environment:
      Windows XP SP2, Axis2/C compiled with Visual Studio 2008 SP1

      Description

      A buffer overrun occurs in axis2_http_client_recieve_header when an HTTP header field larger than 512 bytes is received, resulting in stack corruption, and in my case causes the client to loop forever.

      In my scenario I was using the Axis2/C 1.6 client to invoke a RESTful service using Basic Authentication running on a WebSphere 7 environment. Upon successful authentication the response HTTP header contains a Set-Cookie field totaling 760 bytes.

      I was able to work around this issue by doubling the size of the str_header field and modifying the memset reference to use sizeof, avoiding the need to modify them in the future if the size changes again. The module at the least should keep track of the accumulated header field size to avoid overruns in the future, but ideally should dynamically allocate memory to cope with any size header field.
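
      The approach suggested in the description (track the accumulated size, grow the buffer on demand), sketched as an added example; it is not the Axis2/C source or the committed fix. The names `mem_stream`, `stream_read_byte`, `read_header_line`, `parsed_len_for` and the 64 KiB cap are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical in-memory byte source standing in for the HTTP transport stream. */
typedef struct { const char *data; size_t len, pos; } mem_stream;
static int stream_read_byte(mem_stream *s, char *out) {
    return s->pos < s->len ? (*out = s->data[s->pos++], 1) : 0;
}

#define HDR_INITIAL_CAP 512                  /* the fixed size the report outgrew */
#define HDR_MAX_LEN (64 * 1024)              /* assumed cap: bounds peer-driven growth */

/* Read one CRLF-terminated header line into a heap buffer that grows on demand.
 * Returns it without CRLF (caller frees); NULL on EOF, OOM or an oversized line. */
char *read_header_line(mem_stream *s, size_t *out_len) {
    size_t cap = HDR_INITIAL_CAP, len = 0;
    char *buf = malloc(cap), *tmp, c;
    if (!buf) return NULL;
    while (stream_read_byte(s, &c)) {
        if (len + 1 >= cap) {                /* always keep room for the NUL */
            if (cap >= HDR_MAX_LEN) break;   /* oversized header: reject */
            if (!(tmp = realloc(buf, cap * 2))) break;
            buf = tmp;
            cap *= 2;
        }
        buf[len++] = c;
        if (len >= 2 && buf[len - 2] == '\r' && buf[len - 1] == '\n') {
            buf[len -= 2] = '\0';            /* strip CRLF and terminate */
            if (out_len) *out_len = len;
            return buf;
        }
    }
    free(buf);
    return NULL;
}

/* Constructed input: n filler bytes plus CRLF. Returns parsed length, -1 if rejected. */
long parsed_len_for(size_t n) {
    char *raw = malloc(n + 2);
    size_t got = 0;
    if (!raw) return -1;
    memset(raw, 'a', n);
    memcpy(raw + n, "\r\n", 2);
    mem_stream s = { raw, n + 2, 0 };
    char *line = read_header_line(&s, &got);
    long r = line ? (long)got : -1;
    free(line);
    free(raw);
    return r;
}
```

      A 760-byte field like the Set-Cookie header in the report is read in full, while a line that would exceed the cap is rejected instead of overwriting adjacent memory.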

              People

              • Assignee:
                nadiramra Nadir K. Amra
                Reporter:
                nmeachen Nigel Meachen