httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r490156 - /httpd/httpd/trunk/modules/metadata/mod_headers.c
Date Tue, 23 Jan 2007 21:06:46 GMT


On 12/25/2006 06:40 PM, niq@apache.org wrote:
> Author: niq
> Date: Mon Dec 25 09:40:10 2006
> New Revision: 490156
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=490156
> Log:
> PR#36609 - permit % as the last character of a Header value
> 
> Modified:
>     httpd/httpd/trunk/modules/metadata/mod_headers.c
> 
> Modified: httpd/httpd/trunk/modules/metadata/mod_headers.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/metadata/mod_headers.c?view=diff&rev=490156&r1=490155&r2=490156
> ==============================================================================
> --- httpd/httpd/trunk/modules/metadata/mod_headers.c (original)
> +++ httpd/httpd/trunk/modules/metadata/mod_headers.c Mon Dec 25 09:40:10 2006
> @@ -305,8 +305,8 @@
>      }
>      s++; /* skip the % */
>  
> -    /* Pass through %% as % */
> -    if (*s == '%') {
> +    /* Pass through %% or % at end of string as % */
> +    if ((*s == '%') || (*s == '\0')) {
>          tag->func = constant_item;
>          tag->arg = "%";
>          *sa = ++s;

Doesn't this create an off-by-one error?

Lets s look like the following: s = "%\0t"

This would result in pointing *sa to t.

But in line 360 we have the following loop:

   while (*s) {
        if ((res = parse_format_tag(p, (format_tag *) apr_array_push(hdr->ta), &s)))
{
            return res;
        }
    }

It would then start to process the memory region starting with t with parse_format_tag.

I think the following should fix this:

Index: modules/metadata/mod_headers.c
===================================================================
--- modules/metadata/mod_headers.c      (Revision 495852)
+++ modules/metadata/mod_headers.c      (Arbeitskopie)
@@ -309,7 +309,9 @@
     if ((*s == '%') || (*s == '\0')) {
         tag->func = constant_item;
         tag->arg = "%";
-        *sa = ++s;
+        if (*s)
+            s++;
+        *sa = s;
         return NULL;
     }



Regards

RĂ¼diger


Mime
View raw message