Return-Path: Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 60498 invoked by uid 500); 10 Dec 2002 02:56:28 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 60487 invoked by uid 500); 10 Dec 2002 02:56:28 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Date: 10 Dec 2002 02:56:27 -0000 Message-ID: <20021210025627.85090.qmail@icarus.apache.org> From: gregames@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/server protocol.c X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N gregames 2002/12/09 18:56:27 Modified: server protocol.c Log: prevent a potential seg fault in ap_escape_html if a header field is too long. Revision Changes Path 1.123 +2 -0 httpd-2.0/server/protocol.c Index: protocol.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/protocol.c,v retrieving revision 1.122 retrieving revision 1.123 diff -u -r1.122 -r1.123 --- protocol.c 3 Dec 2002 08:38:45 -0000 1.122 +++ protocol.c 10 Dec 2002 02:56:26 -0000 1.123 @@ -778,6 +778,8 @@ || (rv == APR_SUCCESS && len > (apr_size_t)r->server->limit_req_fieldsize)) { r->status = HTTP_BAD_REQUEST; + /* insure ap_escape_html will terminate correctly */ + field[r->server->limit_req_fieldsize] = '\0'; apr_table_setn(r->notes, "error-notes", apr_pstrcat(r->pool, "Size of a request header field "