You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Yann Ylavic <yl...@gmail.com> on 2016/08/05 14:59:07 UTC
Re: svn commit: r1755264 - /httpd/httpd/trunk/server/protocol.c
On Fri, Aug 5, 2016 at 11:13 AM, <wr...@apache.org> wrote:
> Author: wrowe
> Date: Fri Aug 5 09:13:26 2016
> New Revision: 1755264
>
> URL: http://svn.apache.org/viewvc?rev=1755264&view=rev
> Log:
> Stop reflecting irrelevant data to the request error notes, particularly
> for abusive and malformed traffic the non-technical consumer of a user-agent
> has no control over.
>
> Simply take note where the administrator-configured limits have been exceeded,
> that administrator can find details in the error log if desired.
>
>
> Modified:
> httpd/httpd/trunk/server/protocol.c
>
> Modified: httpd/httpd/trunk/server/protocol.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1755264&r1=1755263&r2=1755264&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/protocol.c (original)
> +++ httpd/httpd/trunk/server/protocol.c Fri Aug 5 09:13:26 2016
> @@ -808,23 +808,9 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> * exceeds the configured limit for a field size.
> */
> if (rv == APR_ENOSPC) {
> - const char *field_escaped;
> - if (field && len) {
> - /* ensure ap_escape_html will terminate correctly */
> - field[len - 1] = '\0';
> - field_escaped = ap_escape_html(r->pool, field);
> - }
> - else {
> - field_escaped = field = "";
> - }
'field' can still be NULL here when rgetline returns NOSPC, hence
field_name_len(field) below segfaults.
That's I guess what Jim observes in t/apache/limits.t...