gSOAP Toolkit / Bugs / #1236 Suggested change changes size

#1236 Suggested change changes size

Milestone: v1.0 (example)

Status: closed

Owner: Robert van Engelen

Labels: None

Priority: 5

Updated: 2019-02-16

Created: 2019-02-16

Creator: Mattias Ellert

Private: No

The proposed fix for CVE-2019-7659 on https://www.genivia.com/advisory.html "Bug in gSOAP versions 2.7.0 to 2.8.74 for applications built with the WITH_COOKIES flag enabled (Jan 14, 2019)" replaces a size_t with an int in a function signature in the public stdsoap2.h header. This changes the size of the symbol on some architecture. The issue can be avoided if ssize_t is used instead;

gsoap/stdsoap2.c and gsoap/stdsoap2.cpp;

SOAP_FMAC1
ssize_t // changed
SOAP_FMAC2
soap_encode_url(const char *s, char *t, ssize_t len) // changed
{
  int c;
  ssize_t n = len; // changed
  if (n <= 0) return 0; // added

gsoap/stdsoap2.h

SOAP_FMAC1 ssize_t SOAP_FMAC2 soap_encode_url(const char*, char*, ssize_t);

Discussion

Robert van Engelen - 2019-02-16

Wouldn't consider this a bug, rather a rebuild issue perhaps . Newer versions do change the internals occasionally, requiring lib updates, but of course only when it does not affect the public API. This is not a public API function but an internal one.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert van Engelen - 2019-02-16

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ben Hutchings - 2019-02-16

Where is this function documented as internal? It is declared in stdsoap2.h and is exported from the shared libaries.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Suggested change changes size

Development toolkit for Web Services and XML data bindings for C & C++

Group

Searches

Help

#1236 Suggested change changes size

Discussion