httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: svn commit: r1582264 - in /httpd/httpd/branches/2.4.x: CHANGES modules/lua/lua_apr.c
Date Thu, 27 Mar 2014 12:38:53 GMT
On Thu, 2014-03-27 at 13:21 +0100, Daniel Gruno wrote:

> You can't log a warning or strip the newline;
> 1) it's a const char* so magical things will happen if you edit it(?)
> 2) we don't have a pool handy to make a new string without the newline
> or log an error.
> As I said in the commit msg in trunk, it's an ugly hack, and if someone
> finds a more clever way of solving it, I'm all ears :) Maybe I'm
> forgetting something entirely obvious, who knows.

If you're going to do security checking, you need to work through it.
The absence of a pool suggests this may be the wrong place for it.

Perhaps what needs to happen is you set a "bogus-value seen" flag,
then check it at an appropriate point when you can manipulate
values or abort requests, and log errors?  Would that require
excessive shoehorning?

Nick Kew

View raw message