Monday, 16 January 2017

Bug in ab from Apache 2.2.22

Some time ago I found that ab from Apache can be crashed by malformed CLI arguments. Below are a few notes about it.
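As an added example (not code from this post or from Apache's ab), here is the kind of strict check that keeps a malformed numeric command-line argument from reaching the rest of a tool: reject empty strings, trailing junk, overflow and out-of-range values instead of relying on atoi(), which silently returns 0 or a truncated value. The function names, the bounds and the sample inputs are my own assumptions, chosen only to illustrate the check.

```c
/* Added example, not from the post or from Apache ab: strict parsing of a
 * numeric command-line option. Function names and bounds are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a base-10 integer in [lo, hi]. Returns 1 and stores the value in *out
 * on success, 0 for anything malformed. Unlike atoi(), it rejects empty
 * strings, trailing junk ("10x"), overflow and values outside the range. */
int parse_bounded_int(const char *s, long lo, long hi, long *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return 0;                  /* atoi("") would silently return 0 */

    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return 0;                  /* does not fit in a long */
    if (end == s || *end != '\0')
        return 0;                  /* no digits at all, or characters after them */
    if (v < lo || v > hi)
        return 0;                  /* parsed fine but not usable by the caller */

    *out = v;
    return 1;
}

/* Convenience wrapper: the parsed value, or -1 when the input is rejected
 * (usable only where -1 is never a legal value, as with a count or a size). */
long parsed_value(const char *s, long lo, long hi)
{
    long v;
    return parse_bounded_int(s, lo, hi, &v) ? v : -1;
}

/* Validate one option and report rejections the way a CLI tool would.
 * Returns 1 when the value is accepted, 0 when it is rejected. */
int check_option(const char *name, const char *value, long lo, long hi)
{
    long v;
    if (!parse_bounded_int(value, lo, hi, &v)) {
        fprintf(stderr, "%s: invalid value \"%s\" (expected %ld..%ld)\n",
                name, value, lo, hi);
        return 0;
    }
    printf("%s = %ld\n", name, v);
    return 1;
}

int main(void)
{
    /* Constructed sample inputs standing in for argv values; "-c" and the
     * 1..20000 bound are illustrative, not ab's real limits. */
    const char *samples[] = { "100", "10x", "", "-5", "99999999999999999999", "20001" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        check_option("-c", samples[i], 1, 20000);
    return 0;
}
```

Running it accepts only "100"; every other sample is reported and rejected before it can be used as a count or an allocation size.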

A VM with Debian 7 and Apache 2.2.22 installed. Let's try ab:

Ok. From the manual we learn that:

So now we know what we're looking for. Checking the version(s):

Next:

Ok, good. We will use it for future tests.

Fortunately I found the source code (from 2.4):

Great. Looking deeper:

Next:

Next:

And next:

So again, restart:


Overview:

Now we will set a breakpoint:

Restart:

And we're here:

Let's go back to the source:

Ok, good. Because I was looking for other functions used in the source, I also found this file:


So now we see a declaration of the function:

Here you can see the mentioned function used in the source:

Ok, next (still in the apr_snprintf.c file):

What does this convert function do?


And this is our conv_10():

...as described:

So we're here:

Checking:

Restarting:

P.S.

I think I found another bug, this time related to "allocations". Check it out:

But when we increase the value for "C":


And here:

And this is how I found it:

This page and this one :)

Maybe you will find it useful. :)

Cheers
