MFC ISAPI Generates Access Violation in CHtmlStream.Detach

Article ID: 167736
Last Review: June 23, 2005
Revision: 3.2
This article was previously published under Q167736
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SYMPTOMS

When an MFC ISAPI extension DLL generates HTML text whose length is exactly a multiple of 4096 bytes, an access violation is generated in Internet Information Server (IIS). This results in a crash of IIS if your ISAPI DLL is running in process, or a crash of the process hosting your ISAPI DLL (usually mtx.exe) if you are running out of process under IIS 4.


CAUSE

The bug is in the CHtmlStream class, in the CHtmlStream::Detach() method, which appends a null character to the end of the stream to terminate the string. The buffer is allocated in 4K increments, so when the size of the stream is an exact multiple of 4K the data fills the buffer completely and the null character is written one byte past the end, into memory that has not been allocated.
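The boundary condition described above can be checked in a small model. This C++ is an added example, not MFC's CHtmlStream source: ModelStream, TerminatorOutOfBounds, DetachSafe and OverrunAt are hypothetical names, and the round-up-to-4096 growth policy is an assumption taken from the description in this article.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <string>

// Simplified model of a stream whose buffer grows in 4K steps.
// Hypothetical names; this is not the MFC implementation.
class ModelStream {
public:
    static constexpr std::size_t kGrow = 4096;
    ~ModelStream() { std::free(buf_); }
    void Write(const char* p, std::size_t n) {
        if (n == 0) return;
        Reserve(size_ + n);              // grows only for the data itself
        std::memcpy(buf_ + size_, p, n);
        size_ += n;
    }
    std::size_t Capacity() const { return cap_; }
    // True when an unchecked buf_[size_] = '\0' would land outside the
    // allocation, i.e. when the data fills the buffer exactly.
    bool TerminatorOutOfBounds() const { return size_ >= cap_; }
    // Hardened detach: reserve room for the terminator before writing it.
    std::string DetachSafe() {
        Reserve(size_ + 1);
        buf_[size_] = '\0';
        std::string out(buf_, size_);
        size_ = 0;
        return out;
    }
private:
    void Reserve(std::size_t need) {
        if (need <= cap_) return;
        std::size_t cap = (need + kGrow - 1) / kGrow * kGrow;  // round up to 4K
        char* p = static_cast<char*>(std::realloc(buf_, cap));
        if (!p) std::abort();
        buf_ = p; cap_ = cap;
    }
    char* buf_ = nullptr;
    std::size_t size_ = 0, cap_ = 0;
};

// Fill a model stream with n constructed bytes and report whether an
// unchecked terminator write would overrun the buffer.
bool OverrunAt(std::size_t n) {
    ModelStream s;
    std::string data(n, 'x');
    s.Write(data.data(), n);
    return s.TerminatorOutOfBounds();
}
```

In this model only lengths that are exact multiples of 4096 report an overrun, and DetachSafe grows the buffer by one more 4K step before terminating.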


RESOLUTION

To work around this problem, make sure that the length of the CHtmlStream is not a multiple of 4096. You can use code similar to this:
   if ( pCtxt->m_pStream->GetStreamSize() % 4096 == 0 )
      *pCtxt << _T( " " ) ;

You will need to do this at the end of any function that returns data to the server. Here is an example:
   void CTestExtension::Default(CHttpServerContext* pCtxt)
   {
     StartContent(pCtxt);
     WriteTitle(pCtxt);
     *pCtxt << _T("This default message was produced by the Internet");
     *pCtxt << _T(" Server DLL Wizard. Edit your CTestExtension::Default()");
     *pCtxt << _T(" implementation to change it.\r\n");

     EndContent(pCtxt);

     // Pad by one character if the stream length is an exact multiple of 4096,
     // so that Detach() does not write its terminator past the buffer.
     if ( pCtxt->m_pStream->GetStreamSize() % 4096 == 0 )
       *pCtxt << _T( " " ) ;
   }

Put this check at the end of the function, because any of the code before it may change the size of the buffer.


STATUS

Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article. We are researching this bug and will post new information here in the Microsoft Knowledge Base as it becomes available.

(c) Microsoft Corporation 1997, All Rights Reserved. Contributions by Leon Braginski, Microsoft Corporation



APPLIES TO
Microsoft Internet Information Server 1.0
Microsoft Internet Information Server 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Visual C++ 4.1 Subscription
Microsoft Visual C++ 4.2 Enterprise Edition
Microsoft Visual C++ 5.0 Enterprise Edition
Microsoft Visual C++ 6.0 Enterprise Edition
Microsoft Visual C++ 4.2 Professional Edition
Microsoft Visual C++ 5.0 Professional Edition
Microsoft Visual C++ 6.0 Professional Edition
Microsoft Visual C++, 32-bit Learning Edition 6.0


Keywords: 
kbbug kbpending KB167736
