httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From b..@hyperreal.org
Subject cvs commit: apache-1.3/src/os/win32 mod_isapi.c
Date Sat, 09 May 1998 15:09:31 GMT
ben         98/05/09 08:09:31

  Modified:    src      CHANGES
               src/os/win32 mod_isapi.c
  Log:
  Don't force ISAPI headers to finish with \n.
  PR: 2060
  Submitted by:	Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie
  
  Revision  Changes    Path
  1.839     +6 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.838
  retrieving revision 1.839
  diff -u -r1.838 -r1.839
  --- CHANGES	1998/05/09 14:27:24	1.838
  +++ CHANGES	1998/05/09 15:09:29	1.839
  @@ -1,5 +1,11 @@
   Changes with Apache 1.3b7
   
  +  *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
  +     [Ben Laurie]
  +
  +  *) WIN32: Don't force ISAPI headers to finish with \n.
  +     [Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie] PR#2060
  +
     *) When opening "configuration" files (like httpd.conf, htaccess
        and htpasswd), Apache will not allow them to be non-/dev/null
        device files. This closes a DoS hole. At the same time,
  
  
  
  1.11      +19 -1     apache-1.3/src/os/win32/mod_isapi.c
  
  Index: mod_isapi.c
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/os/win32/mod_isapi.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- mod_isapi.c	1998/04/11 12:01:05	1.10
  +++ mod_isapi.c	1998/05/09 15:09:31	1.11
  @@ -85,6 +85,10 @@
   /* We use the exact same header file as the original */
   #include <HttpExt.h>
   
  +/* Seems IIS does not enforce the requirement for \r\n termination on HSE_REQ_SEND_RESPONSE_HEADER,
  +   define this to conform */
  +#define RELAX_HEADER_RULE
  +
   module isapi_module;
   
   /* Our "Connection ID" structure */
  @@ -421,6 +425,10 @@
   	    char *value, *lf = strchr(data, '\n');
   	    int p;
   
  +#ifdef RELAX_HEADER_RULE
  +	    if (lf)
  +		*lf = '\0';
  +#else
   	    if (!lf) { /* Huh? Invalid data, I think */
   		ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
   			    "ISA sent invalid headers: %s", r->filename);
  @@ -430,12 +438,16 @@
   
   	    /* Get rid of \n and \r */
   	    *lf = '\0';
  +#endif
   	    p = strlen(data);
   	    if (p > 0 && data[p-1] == '\r') data[p-1] = '\0';
   	    
   	    /* End of headers */
   	    if (*data == '\0') {
  -		data = lf + 1;	/* Reset data */
  +#ifdef RELAX_HEADER_RULE
  +		if (lf)
  +#endif
  +		    data = lf + 1;	/* Reset data */
   		break;
   	    }
   
  @@ -477,6 +489,12 @@
   	    }
   	  
   	    /* Reset data */
  +#ifdef RELAX_HEADER_RULE
  +	    if (!lf) {
  +		data += p;
  +		break;
  +	    }
  +#endif
   	    data = lf + 1;
   	}
   	
  
  
  

Mime
View raw message