httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: [PATCH] proxy/ajp_header.c: Fix header detection
Date Thu, 30 Aug 2007 14:39:37 GMT
Yeah, all this is being fixed in the mod_jk code as
well...

On Aug 30, 2007, at 6:55 AM, Martin Kraemer wrote:

> Hi.
>
> While looking at ajp_header.c, I realized that its method of parsing
> the header line tokens is flakey: it uses memcmp() to check, e.g.,
> whether the header token is "Accept-Charset:", by uppercasing the
> token name (-> "ACCEPT-CHARSET"), then compares the initial "ACCEPT-"
> prefix, and then tests:
> 	if (memcmp(p, "CHARSET", 7) == 0) return SC_ACCEPT_CHARSET;
> but does not verify that the end of the token has been reached.
>
> Thus, a header
>   Accept-CharsetXXX-Blah: utf-8
> would be mistaken for an "Accept-Charset: utf-8".
>
> Same goes for a couple of other header names.
> The patch replaces the memcmp by a strcmp to check for the trailing
> NIL character, too.
>
> Also, IMO it is better to replace memcmp by strncasecmp in the test
> -        if (memcmp(stringname, "Content-Type", 12) == 0) {
> +        if (strncasecmp(stringname, "Content-Type", 12) == 0) {
>
> WDYT?
>
>   Martin
> -- 
> <Martin.Kraemer@Fujitsu-Siemens.com>        |     Fujitsu Siemens
> http://www.fujitsu-siemens.com/imprint.html | 81730  Munich,  Germany
> <ajp_header.c.diff>


Mime
View raw message