Posted to cvs@httpd.apache.org by tr...@apache.org on 2004/05/14 01:40:04 UTC
cvs commit: httpd-2.0/server protocol.c
trawick 2004/05/13 16:40:04
Modified: . Tag: APACHE_2_0_BRANCH STATUS CHANGES
server Tag: APACHE_2_0_BRANCH protocol.c
Log:
Ensure that lines in the request which are too long are
properly terminated before logging.
Submitted by: Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>
Reviewed by: trawick, nd, bnicholes
Revision Changes Path
No revision
No revision
1.751.2.854 +1 -5 httpd-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-2.0/STATUS,v
retrieving revision 1.751.2.853
retrieving revision 1.751.2.854
diff -u -r1.751.2.853 -r1.751.2.854
--- STATUS 13 May 2004 15:18:24 -0000 1.751.2.853
+++ STATUS 13 May 2004 23:40:02 -0000 1.751.2.854
@@ -393,10 +393,6 @@
which integrates the two rounds of changes)
+1 concept: trawick
- * Make sure long request lines are '\0'-terminated. (PR 28376)
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/protocol.c?r1=1.147&r2=1.148
- +1: trawick, nd, bnicholes
-
CURRENT RELEASE NOTES:
* Backwards compatibility is expected of future Apache 2.0 releases,
1.988.2.275 +4 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.274
retrieving revision 1.988.2.275
diff -u -r1.988.2.274 -r1.988.2.275
--- CHANGES 26 Apr 2004 22:04:58 -0000 1.988.2.274
+++ CHANGES 13 May 2004 23:40:02 -0000 1.988.2.275
@@ -1,5 +1,9 @@
Changes with Apache 2.0.50
+ *) Ensure that lines in the request which are too long are
+ properly terminated before logging.
+ [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
+
*) Update the bind credentials for the cached LDAP connection to
reflect the last bind. This prevents util_ldap from creating
unnecessary connections rather than reusing cached connections.
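Review bot: The added CHANGES entry does not cite the bug report. The STATUS item removed by this same commit identifies it as PR 28376, so the entry should carry that reference for anyone tracing the fix from the release notes. The wording "properly terminated" could also say '\0'-terminated, as the STATUS item did, so it is clear what kind of termination was missing.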
No revision
No revision
1.121.2.17 +11 -0 httpd-2.0/server/protocol.c
Index: protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/protocol.c,v
retrieving revision 1.121.2.16
retrieving revision 1.121.2.17
diff -u -r1.121.2.16 -r1.121.2.17
--- protocol.c 8 Mar 2004 22:54:20 -0000 1.121.2.16
+++ protocol.c 13 May 2004 23:40:03 -0000 1.121.2.17
@@ -250,6 +250,15 @@
/* Would this overrun our buffer? If so, we'll die. */
if (n < bytes_handled + len) {
*read = bytes_handled;
+ if (*s) {
+ /* ensure this string is terminated */
+ if (bytes_handled < n) {
+ (*s)[bytes_handled] = '\0';
+ }
+ else {
+ (*s)[n-1] = '\0';
+ }
+ }
return APR_ENOSPC;
}
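Review bot: In the else branch of the added block, (*s)[n-1] = '\0' runs whenever bytes_handled >= n, and nothing in the hunk shows that n is non-zero; with n == 0 the index n-1 falls outside the buffer. Add an n > 0 guard here, or document at the function's entry that callers must pass a non-zero size. The comment "ensure this string is terminated" should also note that in this branch the last stored byte is overwritten, so the line handed back with APR_ENOSPC is one byte shorter than what was read.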
@@ -380,6 +389,8 @@
/* Do we have enough space? We may be full now. */
if (bytes_handled >= n) {
*read = n;
+ /* ensure this string is terminated */
+ (*s)[n-1] = '\0';
return APR_ENOSPC;
}
else {
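Review bot: The added (*s)[n-1] = '\0' in the bytes_handled >= n path dereferences *s unconditionally, while the same write in the earlier protocol.c hunk is wrapped in if (*s). Either use the same guard here or add a comment explaining why *s cannot be NULL at this point; the n-1 index also has no visible check that n is non-zero. Since the termination logic now lives in two places, a small static helper would keep the two sites consistent.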