You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2003/12/10 23:40:33 UTC
cvs commit: httpd-2.0/server core.c
trawick 2003/12/10 14:40:33
Modified: . CHANGES
server core.c
Log:
Fix <Limit> and <LimitExcept> parsing to require a closing '>'
in the initial container.
PR: 25414
Submitted by: Geoffrey Young <geoff apache.org>]
Reviewed by: Jeff Trawick
Revision Changes Path
1.1339 +4 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1338
retrieving revision 1.1339
diff -u -r1.1338 -r1.1339
--- CHANGES 10 Dec 2003 19:26:15 -0000 1.1338
+++ CHANGES 10 Dec 2003 22:40:33 -0000 1.1339
@@ -2,6 +2,10 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
+ in the initial container. PR 25414.
+ [Geoffrey Young <geoff apache.org>]
+
*) Fix memory leak in handling of request bodies during reverse
proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
1.253 +17 -10 httpd-2.0/server/core.c
Index: core.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.252
retrieving revision 1.253
diff -u -r1.252 -r1.253
--- core.c 21 Nov 2003 15:02:04 -0000 1.252
+++ core.c 10 Dec 2003 22:40:33 -0000 1.253
@@ -1552,11 +1552,21 @@
return NULL;
}
+/*
+ * Report a missing-'>' syntax error.
+ */
+static char *unclosed_directive(cmd_parms *cmd)
+{
+ return apr_pstrcat(cmd->pool, cmd->cmd->name,
+ "> directive missing closing '>'", NULL);
+}
+
AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
void *dummy,
const char *arg)
{
- const char *limited_methods = ap_getword(cmd->pool, &arg, '>');
+ const char *endp = ap_strrchr_c(arg, '>');
+ const char *limited_methods;
void *tog = cmd->cmd->cmd_data;
apr_int64_t limited = 0;
const char *errmsg;
@@ -1566,6 +1576,12 @@
return err;
}
+ if (endp == NULL) {
+ return unclosed_directive(cmd);
+ }
+
+ limited_methods = apr_pstrndup(cmd->pool, arg, endp - arg);
+
while (limited_methods[0]) {
char *method = ap_getword_conf(cmd->pool, &limited_methods);
int methnum;
@@ -1609,15 +1625,6 @@
#else
#define USE_ICASE 0
#endif
-
-/*
- * Report a missing-'>' syntax error.
- */
-static char *unclosed_directive(cmd_parms *cmd)
-{
- return apr_pstrcat(cmd->pool, cmd->cmd->name,
- "> directive missing closing '>'", NULL);
-}
static const char *dirsection(cmd_parms *cmd, void *mconfig, const char *arg)
{
Re: cvs commit: httpd-2.0/server core.c
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
trawick@apache.org wrote:
> trawick 2003/12/10 14:40:33
>
> Modified: . CHANGES
> server core.c
> Log:
> Fix <Limit> and <LimitExcept> parsing to require a closing '>'
> in the initial container.
>
> PR: 25414
> Submitted by: Geoffrey Young <geoff apache.org>]
> Reviewed by: Jeff Trawick
excellent, thanks.
and sorry about the space problems in the patch. I usually use attachments
but didn't see the upload field in the bug form, which I'll use from now on.
--Geoff