Details
- Bug
- Status: Open
- Minor
- Resolution: Unresolved
- 1.5.0, 1.6.0
- None
- None
- Windows
Description
When logging of input/output messages is enabled and the length of the message is greater than or equal to AXIS2_LEN_VALUE (currently 6,000), the logged message contains trailing "garbage" data, which gives the appearance of data corruption. The garbage data is attributed to the behavior of the sprintf family of functions on Windows, specifically _vsnprintf: when the number of characters to write is greater than or equal to the count argument (in this case AXIS2_LEN_VALUE), the buffer is not null-terminated. Initializing the buffer prior to the AXIS2_VSNPRINTF call in util/src/log.c will prevent this situation from occurring.
While this situation is currently only likely to occur with the "info" level of log messages, this vulnerability exists in all levels.
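The following added example (not code from util/src/log.c) reproduces the effect on any platform by emulating the _vsnprintf contract described above, then shows that zeroing the buffer first restores termination. `LEN_VALUE`, `win_vsnprintf` and `logged_length` are hypothetical names, and the destination buffer being one byte larger than the count argument is an assumption; without that spare byte, zero-initialization alone would not terminate the string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LEN_VALUE 16  /* small stand-in for AXIS2_LEN_VALUE (6,000 in the report) */

/* Emulation of the Windows _vsnprintf contract, so the behaviour is portable:
 * if the formatted length is >= count, count bytes are stored and no
 * terminator is written. */
static int win_vsnprintf(char *buf, size_t count, const char *fmt, va_list ap)
{
    char tmp[256];                          /* ample for the constructed samples */
    int need = vsnprintf(tmp, sizeof tmp, fmt, ap);
    if (need < 0 || (size_t)need >= sizeof tmp) return -1;
    if ((size_t)need < count) {
        memcpy(buf, tmp, (size_t)need + 1); /* fits: terminator included */
        return need;
    }
    memcpy(buf, tmp, count);                /* truncated: no terminator written */
    return (size_t)need == count ? need : -1;
}

/* Formats into a buffer that holds stale bytes and returns how many bytes a
 * reader would treat as the message. The scan is bounded by the buffer size
 * to stay defined; a real unbounded read would continue into adjacent memory. */
size_t logged_length(int zero_first, const char *fmt, ...)
{
    char value[LEN_VALUE + 1];              /* assumption: buffer is count + 1 */
    va_list ap;
    memset(value, '#', sizeof value);       /* constructed stale stack contents */
    if (zero_first)
        memset(value, 0, sizeof value);     /* the fix proposed in the report */
    va_start(ap, fmt);
    win_vsnprintf(value, LEN_VALUE, fmt, ap);
    va_end(ap);
    const char *nul = memchr(value, '\0', sizeof value);
    return nul ? (size_t)(nul - value) : sizeof value;
}

int main(void)
{
    const char *msg = "0123456789abcdefXYZ"; /* constructed 19-byte message */
    printf("uninitialised: %zu  zeroed: %zu\n",
           logged_length(0, "%s", msg), logged_length(1, "%s", msg));
    return 0;
}
```

Writing `value[LEN_VALUE] = '\0'` after the call gives the same guarantee as the full memset without clearing the whole buffer on every log call.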