[bug] MemBuf and using as string

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 16 Apr 2002 01:59:55 +0200

There is several places in the code using MemBuf as a string blindly
assuming there is a \0 terminator after the data, but MemBufAppend()
apparently do not guarantee this...

Identified so far:

  debugObj()
  log_mime_hdrs

but there probably is more..

Now to the question: Should we audit the code to make sure it properly
deals with this by appending the \0 where required before using it as a
string with the slight risk of accidently introducing a \0 in output
data, or modify MemBuf to always \0 terminate the data outside of the
accounted data size?

I am a bit surprised we haven't seen this before.. I detected it by
noticing there was HTML error content in cache.log on some "Forwarding
loop detected" error messages (debugObj).

Regards
Henrik
Received on Mon Apr 15 2002 - 17:57:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:10 MST