Menu
▾
▴
#1959 Possible heap corruption in httpAdapter
There is a particular scenario where heap corruption can exist: if httpMaxContentLength in sfcb.cfg is set to 0 and the Content-Length of a request is 4294967290, getPayload() will try to memcpy() into an incorrectly sized buffer due to wrap around (we add 8 to Content-Length in the malloc).
Also, sfcb.cfg states that the default value for httpMaxContentLength _is_ 0, which is untrue.
committed patch (1.3 branch)
Note that this is NOT a problem if httpMaxContentLength is not set in sfcb.cfg; only if it is explicitly set to 0.
committed to CVS HEAD and git master
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 60 days (the time period specified by
the administrator of this Tracker).