My criticism has to do with your implementation.
There's no point in fixing exploitable code with
a differently exploitable implementation. Just
buffer things in an internal array and merge the
string once at the end of the loop, and *not* as
you iterate over the elements of the range header.

From: Jim Jagielski
Sent: Thursday, August 25, 2011 5:10 PM
Subject: Re: svn commit: r1161661 - /httpd/httpd/trunk/modules/http/byterange_filter.c

On Aug 25, 2011, at 5:02 PM, Joe Schaefer wrote:
> +1, also has the advantage of not being a quadratic
> allocator the way Jim's usage of apr_pstrcat is.
So what, exactly, will ap_set_byterange() do…? It was
my impression that it created our r->range entry...
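
The allocation cost discussed in this thread, as an added example that is not part of the original messages or of the httpd source: it compares merging a string inside the loop with buffering the pieces and merging once. pool_alloc is a hypothetical malloc-based stand-in for a pool allocator (memory is only released when the pool is destroyed), and the "0-1," elements are constructed sample data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { N = 1000 };        /* constructed number of range elements */
static size_t pool_bytes; /* bytes requested from the modelled pool */

/* Stand-in for a pool allocation: nothing is released until the pool goes away. */
static void *pool_alloc(size_t n) {
    void *p = malloc(n);
    if (!p) abort();
    pool_bytes += n;
    return p;
}

/* Merge while iterating: each step allocates a fresh copy of everything so far. */
static char *join_in_loop(const char **parts, size_t n) {
    char *acc = strcpy(pool_alloc(1), "");
    for (size_t i = 0; i < n; i++) {
        size_t old = strlen(acc), add = strlen(parts[i]);
        char *next = pool_alloc(old + add + 1);
        memcpy(next, acc, old);
        memcpy(next + old, parts[i], add + 1);
        acc = next; /* the previous buffer stays charged to the pool */
    }
    return acc;
}

/* Buffer the pieces (parts[] here), then size and merge once after the loop. */
static char *join_once(const char **parts, size_t n) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++) total += strlen(parts[i]);
    char *out = pool_alloc(total + 1), *p = out;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(parts[i]);
        memcpy(p, parts[i], len);
        p += len;
    }
    *p = '\0';
    return out;
}
/* Pool bytes consumed when joining N constructed 4-byte elements. */
static size_t measure(char *(*join)(const char **, size_t)) {
    const char *parts[N];
    for (size_t i = 0; i < N; i++) parts[i] = "0-1,";
    pool_bytes = 0;
    join(parts, N);
    return pool_bytes;
}
int main(void) {
    printf("in loop: %zu bytes, once: %zu bytes\n", measure(join_in_loop), measure(join_once));
}
```

With 1000 four-byte elements the in-loop version requests about 2 MB from the pool for a 4 KB result, and the gap grows with the square of the element count.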