httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r814337 - in /httpd/httpd/trunk: CHANGES modules/filters/mod_request.c
Date Sun, 13 Sep 2009 16:35:40 GMT
Author: minfrin
Date: Sun Sep 13 16:35:40 2009
New Revision: 814337

URL: http://svn.apache.org/viewvc?rev=814337&view=rev
Log:
mod_request: Make sure the KeptBodySize directive rejects values
that aren't valid numbers.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/filters/mod_request.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=814337&r1=814336&r2=814337&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Sep 13 16:35:40 2009
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.3
 
+  *) mod_request: Make sure the KeptBodySize directive rejects values
+     that aren't valid numbers. [Graham Leggett]
+
   *) mod_session_crypto: Sanity check should the potentially encrypted
      session cookie be too short. [Graham Leggett]
 

Modified: httpd/httpd/trunk/modules/filters/mod_request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_request.c?rev=814337&r1=814336&r2=814337&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_request.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_request.c Sun Sep 13 16:35:40 2009
@@ -564,10 +564,11 @@
                                       const char *arg)
 {
     request_dir_conf *conf = dconf;
+    char *end = NULL;
 
-    if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, NULL, 0)
-        || conf->keep_body < 0) {
-        return "KeptBodySize must be a size in bytes, or zero.";
+    if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, &end, 0)
+            || conf->keep_body < 0 || end) {
+        return "KeptBodySize must be a valid size in bytes, or zero.";
     }
     conf->keep_body_set = 1;
 



Mime
View raw message