Opened 15 years ago
Closed 15 years ago
#2871 closed defect (fixed)
WMS request with LAYERS parameter: segmentation fault can occur
Reported by: | aboudreault | Owned by: | aboudreault |
---|---|---|---|
Priority: | normal | Milestone: | 5.2.2 release |
Component: | MapServer C Library | Version: | unspecified |
Severity: | normal | Keywords: | |
Cc: | dmorissette |
Description
A Segmentation fault on a WMS request using the url parameter "LAYERS" can occur with the code in mapwms.c that puts the layer in order. The reason is simple: the user can put anything in the "LAYERS" parameter value; layer names, layer groups, 2 times the same layer name, etc. This result with a buffer overflow of the map->layerorder array.
Change History (4)
comment:1 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 15 years ago
Alan, please backport the fix to the 5.2.x branch as well, it's a serious enough issue.
Also, the following line from your patch is not ANSI C, you cannot execute a function call in a variable declaration in C (only in C++), you'll need to move the malloc (and add a test for success) after the variable declarations:
int *layerOrder = (int*)malloc(map->numlayers * sizeof(int));
comment:3 by , 15 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
comment:4 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Fixed and committed in SVN trunk in r8498.