Fix buffer overflow on empty strings in key.

Sometimes apache segfalult on memory copying when key.dptr is some kind of empty string and key.dsize seems to be 0.
owasp-modsecurity · Oct 26, 2015 · 7ba07bd · 7ba07bd
1 parent fdcab3a
commit 7ba07bd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c
@@ -626,7 +626,7 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
      */
     rc = apr_sdbm_firstkey(dbm, &key);
     while(rc == APR_SUCCESS) {
-        char *s = apr_pstrmemdup(msr->mp, key.dptr, key.dsize - 1);
+        char *s = apr_pstrmemdup(msr->mp, key.dptr, strlen(key.dptr));
         *(char **)apr_array_push(keys_arr) = s;
         rc = apr_sdbm_nextkey(dbm, &key);
     }