httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aa...@apache.org
Subject cvs commit: httpd-2.0/server core.c
Date Wed, 31 Oct 2001 18:21:53 GMT
aaron       01/10/31 10:21:53

  Modified:    server   core.c
  Log:
  Fix a big memory leak bug related to arbitrarily large header lines.
  The core input filter would happily consume all the data you gave it
  in a header line, looking for that one LF. This patch limits that
  "getline" functionality to HUGE_STRING_LEN (8192 bytes).
  
  Revision  Changes    Path
  1.83      +5 -0      httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.82
  retrieving revision 1.83
  diff -u -r1.82 -r1.83
  --- core.c	2001/10/23 20:46:02	1.82
  +++ core.c	2001/10/31 18:21:53	1.83
  @@ -2936,6 +2936,11 @@
           APR_BUCKET_REMOVE(e);
           APR_BRIGADE_INSERT_TAIL(b, e);
           *readbytes += len;
  +        /* We didn't find an APR_ASCII_LF within the predefined maximum
  +         * line length. */
  +        if (len >= HUGE_STRING_LEN) {
  +            return -1;
  +        }
       }
   
       return APR_SUCCESS;
  
  
  

Mime
View raw message