httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject [PATCH] log long headers
Date Thu, 27 Feb 1997 02:35:12 GMT
Right now when we get a header that is too long we just exit.  We should
return a 414, but that's not overly nice given the current structure.

I think we should log the problem.  Almost a feature, but... gives
people some way to know when someone is trying a buffer overflow
attack.

Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_protocol.c,v
retrieving revision 1.105
diff -c -r1.105 http_protocol.c
*** http_protocol.c	1997/02/22 00:37:18	1.105
--- http_protocol.c	1997/02/27 02:33:48
***************
*** 590,597 ****
  	}
      }
      bsetflag( conn->client, B_SAFEREAD, 0 );
!     if (len == (HUGE_STRING_LEN - 1))
          return 0;               /* Should be a 414 error status instead */
  
      r->request_time = time(NULL);
      r->the_request = pstrdup (r->pool, l);
--- 590,600 ----
  	}
      }
      bsetflag( conn->client, B_SAFEREAD, 0 );
!     if (len == (HUGE_STRING_LEN - 1)) {
!         log_printf(r->server, "request failed for %s, reason: header too long",
!             get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME));
          return 0;               /* Should be a 414 error status instead */
+     }
  
      r->request_time = time(NULL);
      r->the_request = pstrdup (r->pool, l);


Mime
View raw message