httpd-cvs mailing list archives

From j..@apache.org
Subject svn commit: r1638069 - in /httpd/httpd/branches/2.4.x: ./ STATUS support/ab.c
Date Tue, 11 Nov 2014 11:44:53 GMT
Author: jim
Date: Tue Nov 11 11:44:52 2014
New Revision: 1638069

URL: http://svn.apache.org/r1638069
Log:
Merge r1622450 from trunk:

ab: increase request and response header size to 8192 bytes,
fix potential buffer-overflow in Server: header handling.

Submitted by: jkaluza
Reviewed/backported by: jim

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/support/ab.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1622450

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1638069&r1=1638068&r2=1638069&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Nov 11 11:44:52 2014
@@ -102,12 +102,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * ab: Increase request and response header size to 8192 bytes.
-     Fix potential buffer-overflow in Server: header handling.
-     trunk patch: http://svn.apache.org/r1622450
-     2.4.x patch: trunk works
-     +1: jkaluza, ylavic, trawick
-
    * mod_cache: Avoid another (unlikely) access to freed memory.
      trunk patch: http://svn.apache.org/r1632740
      2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-apr_bucket_delete_new_fix.patch

Modified: httpd/httpd/branches/2.4.x/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/support/ab.c?rev=1638069&r1=1638068&r2=1638069&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/support/ab.c (original)
+++ httpd/httpd/branches/2.4.x/support/ab.c Tue Nov 11 11:44:52 2014
@@ -220,7 +220,7 @@ typedef enum {
     STATE_READ
 } connect_state_e;
 
-#define CBUFFSIZE (2048)
+#define CBUFFSIZE (8192)
 
 struct connection {
     apr_pool_t *ctx;
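Review bot: CBUFFSIZE carries no comment saying what it bounds or why 8192 was chosen, so the next reader has to go back to the commit log to learn it is the response header limit. A one-line comment above the #define would record that, along with the fact that longer headers are still not accommodated.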
@@ -340,7 +340,7 @@ BIO *bio_out,*bio_err;
 apr_time_t start, lasttime, stoptime;
 
 /* global request (and its length) */
-char _request[2048];
+char _request[8192];
 char *request = _request;
 apr_size_t reqlen;
 
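Review bot: the size of _request is a bare literal 8192 that merely happens to equal CBUFFSIZE from the previous hunk; the two can drift apart on the next change. Prefer a named constant for the request buffer (or sizeof(_request) at every place that bounds a write into it) so the limit is defined once.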
@@ -1515,12 +1515,14 @@ static void read_connection(struct conne
                  * this is first time, extract some interesting info
                  */
                 char *p, *q;
+                size_t len = 0;
                 p = strstr(c->cbuff, "Server:");
                 q = servername;
                 if (p) {
                     p += 8;
-                    while (*p > 32)
-                    *q++ = *p++;
+                    /* -1 to not overwrite last '\0' byte */
+                    while (*p > 32 && len++ < sizeof(servername) - 1)
+                        *q++ = *p++;
                 }
                 *q = 0;
             }
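Review bot: `p += 8` is left unchanged and still assumes exactly one character follows the 7-byte "Server:" match. A header sent as "Server:" with no space after the colon loses the first byte of its value, and if c->cbuff ends right after "Server:" then p lands one past the terminating NUL before `*p` is read in the loop condition. Advancing by 7 and then skipping optional spaces while checking for '\0' would cover both cases. The new bound also depends on `sizeof(servername)` being the size of an array; the declaration is not in this hunk, so confirm it is not a pointer, otherwise the limit becomes the pointer size minus one. The separate `len` counter could be dropped in favour of comparing `q - servername` against the same bound, which keeps the check tied to the pointer actually being written.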


