httpd-dev mailing list archives

From Greg Ames
Subject Re: cvs commit: httpd-2.0/server protocol.c
Date Tue, 10 Dec 2002 21:22:28 GMT
Brian Pane wrote:
> +1 for the patch in 2.0.44.


> Longer term, a better solution might be able to fix the problem
> closer to its source.  I'm assuming, based on the code, that the
> problem only occurs when the "folding" logic in ap_get_mime_headers_core
> is invoked.  

I was thinking that the length limit worked, but then ap_escape_html went nuts 
due to the lack of a null in the buffer.

> That's the only case I see where the size of the field can grow arbitrarily large.

yikes!  Then we should fix that too.

> (If the field is on a single line, its length is limited within

But that length limit didn't affect ap_escape_html directly.  It assumes its 
input string is null terminated which may not happen in the error paths.  Hence 
the problem, I think.

> I think it
> would be cleaner to impose the length limit in the folding code.
> But for now, the current patch is okay.

I'll take a closer look at the dump and see if there's evidence of folding.

Thanks much for the review.
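
The failure mode discussed in this message is an escaping routine that trusts NUL termination being handed a length-limited buffer with no terminator. The following C code is an added example, not part of the original message and not Apache code; `escape_html_bounded` is a hypothetical helper, and the set of escaped characters is an assumption. It takes the input length explicitly, never reads past it, and always terminates its output.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an Apache API): HTML-escape at most src_len bytes
 * of src into dst (capacity dst_cap). src does not have to be NUL-terminated;
 * a NUL inside the first src_len bytes ends the input early. dst is always
 * NUL-terminated when dst_cap > 0. Returns bytes written (excluding the NUL),
 * or (size_t)-1 if dst is too small; output is then cut before the entity
 * that did not fit, never in the middle of one. */
size_t escape_html_bounded(const char *src, size_t src_len,
                           char *dst, size_t dst_cap)
{
    size_t out = 0;

    if (dst_cap == 0)
        return (size_t)-1;
    for (size_t i = 0; i < src_len && src[i] != '\0'; i++) {
        const char *rep;
        size_t rep_len;

        switch (src[i]) {
        case '<': rep = "&lt;";   rep_len = 4; break;
        case '>': rep = "&gt;";   rep_len = 4; break;
        case '&': rep = "&amp;";  rep_len = 5; break;
        case '"': rep = "&quot;"; rep_len = 6; break;
        default:  rep = &src[i];  rep_len = 1; break;
        }
        if (out + rep_len >= dst_cap) {   /* keep one byte for the NUL */
            dst[out] = '\0';
            return (size_t)-1;
        }
        memcpy(dst + out, rep, rep_len);
        out += rep_len;
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a field that fills its buffer, so no NUL fits. */
    const char field[8] = {'<', 'b', '>', 'A', 'A', 'A', 'A', 'A'};
    char out[64];
    size_t n = escape_html_bounded(field, sizeof field, out, sizeof out);

    printf("%zu bytes: %s\n", n, out);
    return 0;
}
```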
