httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <>
Subject Re: Funny stuff with content negotiation
Date Thu, 25 Jan 2001 15:59:17 GMT
Jeff Trawick <> writes:

> The Content-Type header field is FUBAR:
> Breakpoint 4, form_header_field (h=0xbfffb918,
>     fieldname=0x80ea996 "Content-Type",
>     fieldval=0x81585d4 "cept-Ranges: bytes\r\nContent-Length: 1311\r\nConnection: close\r\n")
at http_protocol.c:1791
> 1791        headfield = apr_pstrcat(h->r->pool, fieldname, ": ", fieldval, CRLF,
> This explains at least part of the bogosity.

The problem is that the buffer for headers is not large enough.  The
allocation was moved to a point before where we call
compute_header_len() on the table, so the len variable is way too
small when we alloc the buffer.  As we later build the header we
overlay the storage where the individual header fields lived, thus
corrupting the table.

I'll start looking at a fix now (something other than getting a
10000-byte header buffer, which is what I'm doing now :) ).
Jeff Trawick | | PGP public key at web site:
             Born in Roswell... married an alien...

View raw message