httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <aa...@clove.org>
Subject Re: cvs commit: httpd-2.0/server core.c
Date Wed, 31 Oct 2001 18:57:56 GMT
On Wed, Oct 31, 2001 at 12:37:22PM -0600, William Rowe wrote:
> > aaron       01/10/31 10:21:53
> > 
> >   Modified:    server   core.c
> >   Log:
> >   Fix a big memory leak bug related to arbitrarily large header lines.
> >   The core input filter would happily consume all the data you gave it
> >   in a header line, looking for that one LF. This patch limits that
> >   "getline" functionality to HUGE_STRING_LEN (8192 bytes).
> 
> This patch only affected message headers, not message bodies, correct?
> 
> If we are trying to consume and discard the POST body to the core handler 
> as text, we have done something horribly wrong.  We should simply gobble
> it up as binary and ignore it.

This only affects calls to the core_input_filter where *readbytes == 0
(aka readline).

-aaron

Mime
View raw message